Sr Analyst -Senior SOC Analyst – Threat Hunting
- Full-time
- Location: India - Hyderabad
- Company: Mattel Global Business Services
Job Description
Senior SOC Analyst – Threat Hunting
About the Role
The Senior SOC Analyst – Threat Hunting is responsible for proactively identifying, investigating, and mitigating sophisticated cyber threats that target Mattel’s global enterprise. This role goes beyond traditional alert triage and incident response, focusing on proactive detection of malicious activity that evades automated defenses. The analyst leverages advanced threat intelligence, behavioral analytics, endpoint telemetry, and network data to uncover hidden adversary activity and improve organizational resilience. This position requires deep technical expertise in threat hunting, detection engineering, and forensics, with the ability to translate threat insights into actionable detections and security improvements.
Roles and Responsibilities
Plan, design, and execute proactive threat hunts to identify stealthy adversaries and undetected compromises across Mattel’s environment.
Develop hypotheses based on threat intelligence, adversary behaviors, and environmental telemetry to guide hunting activities.
Analyze endpoint, network, and cloud data to identify anomalies, malicious behavior, and emerging attack techniques.
Create, test, and maintain advanced detection use cases in SIEM, EDR, and NDR platforms to improve detection coverage.
Collaborate with Incident Response teams to validate findings, contain threats, and support recovery efforts during security incidents.
Perform deep-dive forensic investigations using log data, EDR telemetry, and network captures to identify root causes and attacker movement.
Integrate internal and external threat intelligence into hunting workflows to improve detection accuracy and contextual awareness.
Develop and tune detection logic to reduce false positives and enhance signal-to-noise ratio in alerting pipelines.
Contribute to the development and continuous improvement of SOC playbooks, workflows, and standard operating procedures (SOPs).
Mentor SOC analysts in threat hunting methodologies, investigation best practices, and detection engineering principles.
Collaborate with Red Teams, Security Engineering, and Threat Intelligence teams to simulate attacks, validate defenses, and close detection gaps.
Perform periodic assessments of detection coverage and visibility to ensure alignment with the MITRE ATT&CK framework.
Lead or support purple team exercises to assess SOC readiness, identify detection gaps, and strengthen defensive posture.
Participate in continuous improvement initiatives to enhance logging, telemetry, and automation capabilities within the SOC.
Stay informed about emerging threats, APT campaigns, and evolving adversary tradecraft relevant to the organization’s threat landscape.
Skills and Qualifications
Required:
7+ years of experience in a SOC, threat hunting, or incident response role, including at least 2 years in a senior capacity.
Strong technical expertise in proactive threat hunting, detection engineering, and digital forensics.
Deep familiarity with SIEM platforms such as Splunk, Microsoft Sentinel, Chronicle, or QRadar.
Experience with EDR/NDR tools including CrowdStrike, SentinelOne, Carbon Black, or Darktrace.
Hands-on experience with network traffic analysis tools (Wireshark, Zeek) and endpoint telemetry analysis.
Proficiency in scripting or automation using Python, PowerShell, or Bash to enhance hunting and investigation workflows.
Comprehensive understanding of MITRE ATT&CK, threat intelligence integration, and adversary behavior analysis.
Knowledge of Windows, Linux, and macOS internals, including attack surfaces and forensic artifacts.
Strong analytical mindset with the ability to identify complex attack chains and detect subtle indicators of compromise.
Excellent written and verbal communication skills for technical reporting and stakeholder updates.
Preferred:
Bachelor’s degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
Certifications such as GIAC GCIA, GCTI, GCFA, GNFA, GCIH, GCFE, or Certified Threat Intelligence Analyst (CTIA).
Experience working with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
Familiarity with SOAR tools and automation frameworks to streamline threat hunting and response.
Proven ability to collaborate across red, blue, and purple teams to drive detection and response improvements.
Knowledge of frameworks such as NIST 800-61, CIS Controls, and ITIL incident management best practices.
Shift Timing:
This role follows a rotating shift schedule to ensure 24x7 coverage, with primary hours between 05:00–14:00 PST (18:30–03:30 IST). Weekend or on-call rotations may be required during high-severity incidents or major security events.
By clicking the link above or any third-party link within this posting, you are leaving this site and going to a third-party website where the third-party website's terms and privacy policy apply