Senior Threat Hunter

Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7.

Armis is a privately held company headquartered in California.

Senior / Principal Threat Hunter

Managed Threat Services (MTS) | Armis

The Senior Threat Hunter is a core member of Armis’ Managed Threat Services (MTS) organization, responsible for leading proactive threat hunting, advanced analysis, and complex incident investigations across multiple customer environments. This role blends deep technical expertise with strategic thinking to help customers identify, investigate, and respond to sophisticated adversaries—while continuously strengthening their detection and response posture.

As a senior technical leader, you will apply a risk-based methodology to deliver measurable security outcomes, influence MTS strategy, improve internal processes, and mentor the next generation of threat hunters.

Key Responsibilities

Threat Hunting & Detection

•
Lead proactive threat hunts to identify patterns, anomalies, and behaviors associated with known and emerging adversary TTPs.

•
Configure and optimize advanced security tools to enhance detection fidelity and coverage.

Investigations & Incident Response

•
Lead and execute complex threat investigations across customer environments.

•
Provide analytical support throughout the full incident lifecycle, including identification, containment, eradication, and recovery.

Threat Research & Intelligence

•
Research emerging threats and adversary techniques to develop actionable intelligence and effective detection strategies.

•
Translate intelligence into practical hunting methodologies and detection improvements.

Reporting & Communication

•
Produce detailed technical incident reports and contribute to executive-level summaries.

•
Clearly communicate findings, risk, and remediation guidance to both technical and executive stakeholders.

Platform & Service Optimization

•
Develop and maintain Armis platform policies, dashboards, and customer-specific monitoring use cases.

•
Partner with internal teams to automate workflows, enhance tooling, and improve service delivery efficiency.

Playbooks & Process

•
Design and maintain standardized, reusable threat hunting playbooks to scale and operationalize MTS capabilities.

•
Contribute feedback and prioritization input to product and feature development.

Customer Engagement & Leadership

•
Serve as a trusted advisor and thought leader for assigned customers on risk management, detection optimization, and response maturity.

•
Act as a recognized subject matter expert internally and externally.

Mentorship

•
Coach and mentor junior team members, fostering technical growth, collaboration, and continuous learning.

Qualifications

•
Bachelor’s degree in Cybersecurity, Computer Science, or a related field (preferred).

•
8+ years of professional cybersecurity experience, ideally in threat hunting, threat intelligence, incident response, or SOC operations.

•
Deep understanding of network infrastructure, operating systems, and common attack vectors.

•
Strong experience mapping adversary behavior using MITRE ATT&CK and Cyber Kill Chain frameworks.

•
Advanced expertise analyzing logs, endpoint telemetry, IDS/IPS data, and network traffic (NetFlow, PCAP).

•
Experience with malware analysis (static and dynamic) and IOC development.

•
Solid knowledge of security controls, detection engineering, and risk-based mitigation strategies.

•
Excellent written and verbal communication skills, with the ability to translate complex findings into actionable guidance.

•
Proven ability to operate independently and lead engagements in distributed, cross-functional environments.

•
U.S. citizenship required.

Preferred Certifications

•
GNFA, OSCP, CISSP, OSEP, GREM, or equivalent.

Nice to Have

•
Scripting or development experience (Python, PowerShell, etc.).

•
Exposure to machine learning or data-driven approaches for detection and triage automation.

•
Experience with the Armis platform or other OT/IoT and asset intelligence technologies.

The choices you make in your career journey matter. You want to do interesting work in an important field while also having time to live your life, which is why we place so much value in your life-work balance. Armis sets you up for success with comprehensive health benefits, discretionary time off, paid holidays including monthly me days, and a highly inclusive and diverse workplace. Put your unique experiences and perspective to work in an environment where they will enable you to thrive, grow, and live your life with integrity.

Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.

Please click here to review our privacy practices.