Cyber Threat Hunting Lead Associate

WTW is an award-winning advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. 
From the Titanic ship in 1912 to The Moon Buggy in 1971, WTW has a richness in insurance history dating back to 1828.

Our WTW Regional Delivery Hub based in the heart of Lisbon - encompasses a 175 strong global team of who deliver operational excellence through innovation and streamlined solutions every single day. 

As a Cyber Threat Hunting Lead Associate, you will play a key role in proactively detecting, investigating, and mitigating potential threats to WTW’s global operations. This hands-on technical role requires prior experience in threat hunting, cybersecurity, and incident response. You will leverage your expertise to execute proactive and reactive threat hunts, analyze complex security incidents, and contribute to WTW’s intelligence-led cyber defense strategy.

We are seeking a motivated and detail-oriented professional with a passion for cybersecurity and a strong technical foundation in threat detection and response. This role does not include line management responsibilities but offers opportunities to collaborate with a global, multi-disciplinary team and contribute to enhancing WTW’s overall security posture.

The Cyber Threat Hunting Lead Associate will provide global threat hunting and forensic capability for WTW, responsibilities of this role will include:

• Conduct threat-hunting operations to identify and mitigate potential threats before they can impact the organization.
• Develop and execute hypothesis-driven threat hunting techniques to uncover adversary tactics, techniques, and procedures (TTPs).
• Analyze security trends and assess their impact on the organization, providing actionable insights to leadership.
• Execute proactive threat hunts to identify and investigate potential indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and anomalous activities.
• Analyze threat intelligence to enhance detection and response capabilities and ensure alignment with WTW’s security strategy.
• Utilize advanced threat hunting tools and techniques, including behavioral analytics, anomaly detection, and threat intelligence integration.
• Support incident response activities by conducting forensic analysis, identifying root causes, and recommending mitigation strategies.
• Collaborate with stakeholders across ICSD and other teams to improve threat detection and response processes.
• Create and maintain documentation, such as threat hunt reports, playbooks, and standard operating procedures (SOPs).
• Stay updated on emerging threats, vulnerabilities, and cybersecurity trends to continuously refine threat-hunting methodologies.
• Conduct host and network forensics, log analysis, and evidence collection for on-premises and cloud systems, ensuring proper chain of custody and documentation.

We are looking for a candidate for the Cyber Threat Hunting Lead Associate who has the following:

• A detail-oriented professional with a proactive mindset to stay ahead of emerging threats.
• A team player who thrives in a collaborative environment and can navigate complex challenges effectively.
• Someone passionate about making a tangible impact on WTW’s cybersecurity resilience
• Extensive experience in cyber threat hunting & security incident response in global environments.
• Strong problem-solving and analytical skills, with the ability to influence stakeholders and drive effective decision-making.
• Expertise in adversarial tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, cyber kill chain, and hacking/post-exploitation tools.
• Proficiency in interpreting and querying diverse log types (e.g., Windows Event, Web server, Firewall logs) and conducting threat hunts within SIEM and EDR tools.
• Knowledge of forensic methodologies, open-source tooling, and cloud security, including incident response in cloud environments.
• Familiarity with scripting languages such as Python, PowerShell, and KQL, with a functional understanding of programming concepts.
• Industry-recognized certifications in Cyber Incident Response, Forensics, or Malware Analysis are a plus
• Strong communication, collaboration, and interpersonal skills to effectively convey security and risk concepts across diverse audiences.