Cyber Threat Hunter : SAP Cyber Intelligence and Threat Hunting (Mid-Level)

At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging - but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

What you'll do

SAP is seeking a Cyber Threat Hunter (f/m/d) to support a world-class capability focused on identifying advanced and persistent cyber threats. The Cyber Threat Hunting function operates in close alignment with the Cyber Threat Intelligence (CTI) team, an intelligence-driven capability that focuses on identifying adversary behavioral tactics, techniques, and procedures (TTPs). In this role, the analyst will analyze and correlate large data sets across endpoint, identity, network, and cloud telemetry to help identify suspicious or malicious activity within a diverse and dynamic environment.

As part of the SAPs Cyber Intelligence and Threat Hunting(CITH) Team, the analyst will contribute to proactive and reactive, hypothesis-driven hunting efforts aimed at identifying advanced adversary behaviors, emerging tradecraft, and potential detection gaps. The role will involve supporting Hypothesis and Behavioral Based hunts to include developing hypotheses, analyzing anomalies against established baselines, and assisting in hunts focused on specific MITRE ATT&CK techniques.

SAPs Threat Hunter(s) will collaborate closely with Senior Threat Hunting leadership, Cyber Threat Intelligence (CTI), Incident Response (IR), Detection Engineering, and Security Engineering teams to help translate intelligence into actionable hunts and contribute to the development of new behavioral detections. This role requires a curious, analytical mindset and a strong team-oriented approach to support the continued growth and maturity of the threat hunting capability.

Role and Responsibilities

• Develop threat hunting hypotheses derived from Cyber Threat Intelligence (CTI) reporting

• Create and execute queries to identify behaviors and TTPs aligned with intelligence reporting

• Analyze endpoint, identity, network, and cloud telemetry for malicious, suspicious, and anomalous activity

• Perform triage and deeper analysis on suspicious findings

• Collaborate with Detection Engineering to operationalize validated hunt queries

• Support Incident Response (IR) with contextual telemetry and investigative findings

• Assist in identifying misconfigurations and potential vulnerabilities

• Document hunt findings in a clear, reproducible, and defensible format

• Map findings to the MITRE ATT&CK framework

• Contribute to the continuous improvement of hunting methodologies and playbooks

• Bachelor's Degree in Computer Sciences, Information Technology, Cybersecurity, or comparable qualification
• 2+ years of related professional experience in IR, Detection Engineering, and/or Threat Hunting

Technical Skills and Comptencies

• Familiarity with Windows, Linux, MacOS environments

• Experience with log analysis and security tooling (e.g. SIEM,EDR, IDS/IPS)

• Understanding of networking fundamentals (TCP/IP, DNS, HTTP/S)

• Ability to write and interpret programming langauge (Python,PowerShell, JAVA, GO)

• Working knowledge of MITRE ATT&CK and Lockheed's Cyber Kill Chain concepts

Anayltical and Investigative Skills

• Strong curiousity and analytical mindset

• Ability to identify patterns and correlate disparate data

• Detail-oriented approach to investigation and problem solving

Professional Competencies

• Willingness to learn and take direction from senior team members

• Comfortable with working both independently and collaboratively

• Good written and verbal communication skills

• Ability to clearly articulate investigative findings to both technical and non-technical stakeholders

Preferred Certifications

• GIAC Security Operations Certified (GSOC)

• GIAC Certified Incident Handler (GCIH)

• GIAC Network Forensic Analyst (GNFA)

• GIAC Reverse Engineering Malware (GREM)

• CompTIA Security+

SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best. We win with inclusion SAP's culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world. SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.