Job Specifications
Senior / Principal Threat Hunter
Managed Threat Services (MTS) | Armis
Armis is looking for a Senior / Principal Threat Hunter to join our Managed Threat Services (MTS) team. This is a highly visible, hands-on role for an experienced threat hunter who thrives on proactive detection, deep investigations, and helping customers stay ahead of sophisticated adversaries.
You’ll operate as a senior technical leader, driving proactive threat hunting, leading complex investigations, shaping MTS strategy, and mentoring the next generation of threat hunters—while delivering measurable security outcomes for enterprise customers.
What You’ll Do:
Threat Hunting & Detection
Lead proactive threat hunts to identify attacker behaviors, anomalies, and emerging adversary TTPs
Tune and optimize advanced security tooling to improve detection quality and coverage
Investigations & Incident Response
Lead complex investigations across customer environments
Support the full incident lifecycle: identification, containment, eradication, and recovery
Threat Research & Intelligence
Research emerging threats and adversary techniques
Translate threat intelligence into actionable hunts and detection improvements
Reporting & Communication
Produce detailed technical incident reports and executive-level summaries
Clearly communicate risk, findings, and remediation guidance to both technical and non-technical stakeholders
Platform & Service Optimization
Build and maintain Armis platform policies, dashboards, and customer-specific monitoring use cases
Partner cross-functionally to automate workflows, improve tooling, and scale service delivery
Playbooks & Process
Design and maintain standardized threat hunting playbooks
Provide feedback and prioritization input into product and feature development
Customer Leadership
Serve as a trusted security advisor to customers on detection maturity and response readiness
Act as a recognized subject-matter expert internally and externally
Mentorship
Coach and mentor junior threat hunters, fostering technical growth and continuous learning
What You Bring:
Bachelor’s degree in Cybersecurity, Computer Science, or related field (preferred)
8+ years of cybersecurity experience (threat hunting, IR, threat intelligence, SOC, or detection engineering)
Deep understanding of networks, operating systems, and common attack vectors
Strong experience with MITRE ATT&CK and Cyber Kill Chain frameworks
Advanced log and telemetry analysis (endpoint, network, IDS/IPS, NetFlow, PCAP)
Experience with malware analysis (static/dynamic) and IOC development
Solid understanding of detection engineering, security controls, and risk-based mitigation
Excellent written and verbal communication skills
Ability to operate independently and lead investigations in distributed environments
U.S. citizenship required
Preferred Certifications: GNFA, OSCP, CISSP, OSEP, GREM, or equivalent
Nice to Have
Scripting or development experience (Python, PowerShell, etc.)
Exposure to ML or data-driven detection/triage automation
Experience with Armis or OT/IoT / asset intelligence platforms
About the Company
Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time.
In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society safe and secure 24/7.
Armis is a...