Threat Hunter Lead
6 days ago
**Take a central role**
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.
Building on the principles that have always guided us - excellence, integrity and respect - we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.
With our defined-benefit pension plan, benefits, and high flexibility for work-life balance, we are annually ranked as one of Canada's top employers. Find out more: Working Here - Bank of Canada
Find out more about the next steps in our Recruitment process.
**Threat Hunter Lead**
Reporting to the Assistant Director, Cyber Security Operations, you will join a highly impactful Cyber Security team with the mission to keep Canada’s economy safe and secure. In this senior technical role, you will lead threat hunting activities, including log and network traffic analysis, malware behaviour and reverse engineering analysis, and understanding threat Tactics, Techniques and Procedures (TTPs) and how they apply. You will have the autonomy to make decisions and recommendations, utilizing state-of-the-art Enterprise Cyber Security Solutions and continuously learning as technology and threats evolve.
**Key Responsibilities**:
- Develop and maintain the Bank’s threat hunting program, including frameworks, methodologies, and reporting.
- Align hunting activities with the Bank’s threat profile, cyber crown jewels, and risk scenarios to ensure relevance and impact.
- Define and track program KPIs (e.g., dwell time reduction, hypothesis validation, detection coverage) to measure effectiveness and drive continuous improvement.
- Actively conduct threat hunts to search for threats by analyzing network traffic, logs, and other data sources to identify potential security risks and investigate suspicious activities within the systems and networks
- Develop and test hypotheses regarding potential threats based on emerging trends, threat models you develop, or known tactics, techniques and procedures
- Provide coaching, mentoring, technological expertise, and influence threat detection priorities based on threat intelligence and research
- Engage in ongoing learning about new threats, tools, and techniques to enhance threat hunting capabilities
- Collaborate with incident response teams to investigate and remediate threats
- Assist in the testing and validation of detection techniques and methods, providing feedback on their effectiveness and suggesting improvements to enhance accuracy and reduce false positives.
- Produce actionable, clear and concise, threat-based reports on hunting or security testing results and remediation options
- Provide advisory and consultation services to senior management and perform as a cyber security SME for emerging threats and investigations
- Innovate and create novel solutions including User Behavior Analytics (UBA) models by leveraging Data Science and Machine Learning (ML)
- Establish and maintain collaborative relationships with external partners and vendors to exchange best practices, support operational objectives, and enhance organizational capabilities through shared insights and continuous improvement
**What You Need to Succeed**:
- Strong understanding and/or experience in offensive security capabilities and threat actor objectives, including familiarity with the MITRE ATT&CK Framework, cyber threat intelligence, threat hunting, risk assessment, and/or penetration testing
- Hands-on experience in malware analysis, reverse engineering, and conducting security research.
- Experience with Splunk as a SIEM tool and the creation of custom security analytics (use cases), endpoint detection and response (EDR) tools and experience in analyzing endpoint logs to detect suspicious activity.
- Knowledge of Windows operating system security, including logging and telemetry sources and familiarity with network and operating system security and network security technologies
- Understanding of cyber kill chain and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST SP 800-53)
- Knowledge of current regional and global threat landscape
**Nice-to-Have Skills**:
- Recent experience leading a team of Cyber Security Analysts/Developers
- Prior experience conducting blue/purple team exercises or penetration testing
- Experience in Incident Response or leading incident response
- Cloud knowledge and expertise of leading cloud providers (AWS, GCP, Azure)
- Programming and scripting languages skills such as C++/C#/JavaScript/Pyth