Consulting Threat Hunting Lead

Nashville, TN Open
HCA Healthcare is looking for a Consulting Threat Hunting Lead in Nashville, TN. This local job opportunity (ID 3646088481) has been live since 2026-04-21 22:53:37.

Job Summary

The Threat Hunting Lead is a senior individual contributor responsible for advancing the maturity and effectiveness of the enterprise threat hunting program. This role operates as a consulting-level practitioner embedded across Cyber Defense functions, performing hypothesis-driven hunts, supporting Purple Team activities, and building deception strategies to improve detection coverage, reduce exposure, and deliver measurable security outcomes.

Acting as a neutral integrator across teams, this position partners with Detection Engineering, Threat Intelligence Services, Incident Response, Red Team, Security Architecture, and platform owners to translate insights into durable improvements in detection, response, and preventive controls.

This role does not have direct reports but is expected to influence across teams, shape priorities, and drive execution through data, metrics, and subject-matter expertise.

Major Responsibilities

Threat Hunting Program Execution & Maturity

  • Design and execute hypothesis-driven threat hunts across endpoint, identity, cloud/SaaS, and network telemetry.

  • Develop and maintain a structured hunting methodology incorporating MITRE ATT&CK coverage, threat intelligence, incident retrospectives, and exposure analysis.

  • Establish and evolve hunt frameworks, playbooks, and reusable analytics to scale program effectiveness.

  • Drive continuous maturity improvements through measurable outcomes (e.g., detection coverage, dwell time reduction, control validation).

Cross-Functional Consulting & Integration

  • Operate as a consulting partner across Cyber Defense, influencing without authority to drive alignment and execution.

  • Translate hunt findings into:
      ◦ Detection engineering requirements
      ◦ Response improvements and runbooks
      ◦ Preventive and architectural enhancements

  • Partner with platform and data owners to improve telemetry quality, coverage, and usability.

Technology, Data, and Automation

  • Leverage and influence the use of platforms such as Microsoft Defender, Google SecOps SIEM, and security validation tooling.

  • Develop advanced queries, analytics, and enrichment pipelines to support hunts.

  • Identify and implement automation opportunities, including:
      ◦ Hunt query generation and templating
      ◦ Data enrichment and correlation
      ◦ Artifact clustering and analysis
      ◦ Knowledge capture and reuse

  • Apply AI/ML capabilities where appropriate with governance and measurable impact.

Measurement, Metrics & Reporting

  • Define and track outcome-based metrics to demonstrate program effectiveness, such as:
      ◦ ATT&CK coverage improvements
      ◦ Detection efficacy and gap closure
      ◦ Time to detect and respond
      ◦ Hunt-to-detection conversion rates

  • Deliver clear reporting tailored to executive, technical, and operational audiences.

  • Use data to prioritize efforts and guide strategic investment decisions.

Education & Experience

  • Bachelor's Degree Required

  • Master's Degree Preferred

  • 5-7+ years in threat hunting, detection engineering, incident response, or advanced cyber defense roles.

  • Demonstrated experience operating as a senior individual contributor influencing across multiple teams.

  • Experience building or maturing threat hunting programs with measurable outcomes.

  • Advanced proficiency in large-scale data analysis (e.g., KQL, SQL, BigQuery, log analytics).

  • Strong understanding of adversary tradecraft (MITRE ATT&CK, kill chain, Diamond Model).

  • Experience with:
      ◦ Endpoint detection and response (e.g., Microsoft Defender)
      ◦ Identity and cloud security (Entra ID, AWS, Azure, GCP)
      ◦ SIEM platforms (e.g., Google SecOps) and network telemetry (e.g., Zeek, NDR)
      ◦ Scripting and automation (Python, PowerShell)

Licenses, Certifications & Training

  • Certified Ethical Hacker (CEH)

  • GIAC: GSEC, GCIH, GCIA, GCED, GMON, GCDA, GDAT, GCFE or comparable

  • CompTIA Security+

Benefits

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive benefits for medical, prescription drug, dental, vision, behavioral health and telemedicine services.

  • Wellbeing support, including free counseling and referral services.

  • Time away from work programs for paid time off, paid family leave, short-term and long-term disability coverage and leaves of absence.

  • Savings and retirement resources, including a 401(k) plan with a 100% match on 3% to 9% of pay (based on years of service), Employee Stock Purchase Plan, flexible spending accounts, preferred banking partnerships, retirement readiness tools, rollover support and financial wellbeing counseling.

  • Education support through tuition assistance, student loan assistance, certification support, dependent scholarships and a partnership with Galen College of Nursing.

  • Additional benefits for fertility and family building, adoption assistance, life insurance, supplemental health protection plans, auto and home insurance, legal counseling, identity theft protection and consumer discounts.

Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

Equal Opportunity Employer Statement

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
