Threat Hunting Lead

HCA Healthcare Inc.
Nashville, United States of America
3 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Nashville, United States of America

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Azure
Big Data
Google BigQuery
Software as a Service
Cloud Computing Security
CompTIA Security+
Computer Security
Data Cleansing
Intrusion Detection and Prevention
Python
Knowledge Management
Log Analysis
Machine Learning
PowerShell
Red Team (Cyber Security)
Kusto Query Language
Security Information and Event Management
SQL Databases
Google Cloud Platform
MITRE ATT&CK
Cyber Threat Analysis
Cybercrime
Purple Team (Cyber Security)
Cyber Warfare

Job description

The Threat Hunting Lead is a senior individual contributor responsible for advancing the maturity and effectiveness of the enterprise threat hunting program. This role operates as a consulting-level practitioner embedded across Cyber Defense functions, performing hypothesis-driven hunts, supporting Purple Team activities, and building deception strategies to improve detection coverage, reduce exposure, and deliver measurable security outcomes.

Acting as a neutral integrator across teams, this position partners with Detection Engineering, Threat Intelligence Services, Incident Response, Red Team, Security Architecture, and platform owners to translate insights into durable improvements in detection, response, and preventive controls.

This role does not have direct reports but is expected to influence across teams, shape priorities, and drive execution through data, metrics, and subject-matter expertise.

Major Responsibilities

Threat Hunting Program Execution & Maturity

  • Design and execute hypothesis-driven threat hunts across endpoint, identity, cloud/SaaS, and network telemetry.
  • Develop and maintain a structured hunting methodology incorporating MITRE ATT&CK coverage, threat intelligence, incident retrospectives, and exposure analysis.
  • Establish and evolve hunt frameworks, playbooks, and reusable analytics to scale program effectiveness.
  • Drive continuous maturity improvements through measurable outcomes (e.g., detection coverage, dwell time reduction, control validation).

Cross-Functional Consulting & Integration

  • Operate as a consulting partner across Cyber Defense, influencing without authority to drive alignment and execution.
  • Translate hunt findings into:
      • Detection engineering requirements
      • Response improvements and runbooks
      • Preventive and architectural enhancements
  • Partner with platform and data owners to improve telemetry quality, coverage, and usability.

Technology, Data, and Automation

  • Leverage and influence the use of platforms such as Microsoft Defender, Google SecOps SIEM, and security validation tooling.
  • Develop advanced queries, analytics, and enrichment pipelines to support hunts.
  • Identify and implement automation opportunities, including:
      • Hunt query generation and templating
      • Data enrichment and correlation
      • Artifact clustering and analysis
      • Knowledge capture and reuse
  • Apply AI/ML capabilities where appropriate with governance and measurable impact.

Measurement, Metrics & Reporting

  • Define and track outcome-based metrics to demonstrate program effectiveness, such as:
      • ATT&CK coverage improvements
      • Detection efficacy and gap closure
      • Time to detect and respond
      • Hunt-to-detection conversion rates
  • Deliver clear reporting tailored to executive, technical, and operational audiences.
  • Use data to prioritize efforts and guide strategic investment decisions.

Requirements

  • Bachelor's Degree Required
  • Master's Degree Preferred
  • 5-7+ years in threat hunting, detection engineering, incident response, or advanced cyber defense roles.
  • Demonstrated experience operating as a senior individual contributor influencing across multiple teams.
  • Experience building or maturing threat hunting programs with measurable outcomes.
  • Advanced proficiency in large-scale data analysis (e.g., KQL, SQL, BigQuery, log analytics).
  • Strong understanding of adversary tradecraft (MITRE ATT&CK, kill chain, Diamond Model).
  • Experience with:
      • Endpoint detection and response (e.g., Microsoft Defender)
      • Identity and cloud security (Entra ID, AWS, Azure, GCP)
      • SIEM platforms (e.g., Google SecOps)
      • Network telemetry (e.g., Zeek, NDR)
      • Scripting and automation (Python, PowerShell)

Licenses, Certifications, & Training:

  • Certified Ethical Hacker (CEH)
  • GIAC: GSEC, GCIH, GCIA, GCED, GMON, GCDA, GDAT, GCFE or comparable
  • CompTIA Security+

Benefits & conditions

Pulled from the full job description

  • Loan assistance
  • Tuition reimbursement
  • Employee stock purchase plan
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Vision insurance

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive benefits for medical, prescription drug, dental, vision, behavioral health and telemedicine services
  • Wellbeing support, including free counseling and referral services
  • Time away from work programs for paid time off, paid family leave, long- and short-term disability coverage and leaves of absence
  • Savings and retirement resources, including a 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service), Employee Stock Purchase Plan, flexible spending accounts, preferred banking partnerships, retirement readiness tools, rollover support and financial wellbeing counseling
  • Education support through tuition assistance, student loan assistance, certification support, dependent scholarships and a partnership with Galen College of Nursing
  • Additional benefits for fertility and family building, adoption assistance, life insurance, supplemental health protection plans, auto and home insurance, legal counseling, identity theft protection and consumer discounts


About the company

Do you have the career opportunities as a Threat Hunting Lead you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
