Cyber Threat Hunting - Lead Associate

The Role

The Cyber Threat Hunting Lead Associate will provide global threat hunting capability for WTW, responsibilities of this role will include:

• Conduct threat-hunting operations to identify and mitigate potential threats before they can impact the organization.
• Develop and execute hypothesis-driven threat hunting techniques to uncover adversary tactics, techniques, and procedures (TTPs).
• Analyze security trends and assess their impact on the organization, providing actionable insights to leadership.
• Execute proactive threat hunts to identify and investigate potential indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and anomalous activities.
• Analyze threat intelligence to enhance detection and response capabilities and ensure alignment with WTW’s security strategy.
• Utilize advanced threat hunting tools and techniques, including behavioral analytics, anomaly detection, and threat intelligence integration.
• Support incident response activities by conducting forensic analysis, identifying root causes, and recommending mitigation strategies.
• Collaborate with stakeholders across ICSD and other teams to improve threat detection and response processes.
• Create and maintain documentation, such as threat hunt reports, playbooks, and standard operating procedures (SOPs).
• Stay updated on emerging threats, vulnerabilities, and cybersecurity trends to continuously refine threat-hunting methodologies.

Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

The Requirements

• A detail-oriented professional with a proactive mindset to stay ahead of emerging threats.
• A team player who thrives in a collaborative environment and can navigate complex challenges effectively.
• Someone passionate about making a tangible impact on WTW’s cybersecurity resilience
• Extensive experience in cyber threat hunting & security incident response in global environments.
• Strong problem-solving and analytical skills, with the ability to influence stakeholders and drive effective decision-making.
• Expertise in adversarial tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, cyber kill chain, and hacking/post-exploitation tools.
• Proficiency in interpreting and querying diverse log types (e.g., Windows Event, Web server, Firewall logs) and conducting threat hunts within SIEM and EDR tools.
• Knowledge of forensic methodologies, open-source tooling, and cloud security, including incident response in cloud environments.
• Familiarity with scripting languages such as Python, PowerShell, and KQL, with a functional understanding of programming concepts.
• Industry-recognized certifications in Cyber Incident Response, Forensics, or Malware Analysis are a plus.
• Strong communication, collaboration, and interpersonal skills to effectively convey security and risk concepts across diverse audiences.

Compensation and Benefits

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation (Producer roles only).

Compensation

The base salary compensation range being offered for this role is $100,000.00-$180,000.00 USD annually. This role is also eligible for an annual short-term incentive bonus.

Company Benefits

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Critical Illness, Life Insurance, AD&D, Group Legal, Identify Theft Protection, Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (only included for Washington roles)
• Retirement Benefits: Qualified contributory pension plan (if eligible) and 401(k) plan with annual nonelective company contribution. Non-qualified retirement plans available to senior level colleagues who satisfy the plans’ eligibility requirements.

Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles County Fair Chance Ordinance for Employers, we will consider for employment qualified applicants with arrest and conviction records.

EOE, including disability/vets