Used Tools & Technologies
Not specified
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 3
Linux @ 6
Python @ 5
GitHub @ 5
Git @ 5
Reporting @ 3
macOS @ 6
AI @ 3
Details
Our Purpose
At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow.
About Us
SentinelOne is at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response. We combine real-time analytics, intelligent automation, and a unified data foundation to reduce noise, simplify complexity, and empower security teams.
Role overview
As an experienced threat hunter, you will deliver SentinelOne’s proactive threat hunting services to Threat Hunting clients (including FedRAMP-authorized environments). You will build and maintain a library of hypothesis-driven hunts and reusable rules across Windows, macOS, and Linux, with a strong emphasis on EDR telemetry. You will partner closely with MDR, Incident Response, Labs, and Detection Engineering to respond to emerging threats, convert research into actionable hunts, and communicate clearly with clients.
Responsibilities
- Design, implement, and continuously improve a structured library of hypothesis-driven hunts and reusable rules aligned with the MITRE ATT&CK framework.
- Execute proactive hunts across diverse telemetry (primarily EDR) to uncover malicious activity such as living-off-the-land techniques and stealthy persistence.
- Carry out threat hunting activities in controlled FedRAMP environments.
- Translate findings into repeatable playbooks, automations, and platform-ready detections where applicable.
- Triage emerging threats (e.g., zero-days), assess potential exposure, and build focused hunts and detections mapped to relevant TTPs with validation steps.
- Produce concise, actionable client advisories explaining scope and potential impact, recommended mitigations, and SentinelOne’s protective actions.
- Partner with Detection Engineering, MDR, Labs, and CTI to evaluate and tune rules for fidelity and coverage.
- Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and, when appropriate, platform detections.
Requirements
- 3+ years in security operations and/or adjacent disciplines (threat hunting, incident response, DFIR, malware analysis, SOC, or penetration testing).
- Strong familiarity with EDR telemetry (process, file, network, persistence); SentinelOne experience is a plus.
- Proficiency with Python and Git/GitHub workflows (branches, PRs, code review); ability to turn hunt logic into robust, reusable code.
- Broad OS internals knowledge across Windows, Linux, and macOS.
- Applied CTI skills: consume and operationalize IOCs/TTPs; track actors/campaigns; pivot with OSINT to enrich hunts.
- Experience collaborating with cross-functional teams to cycle from research → hunt → detection → outcome.
- Clear, concise writing and reporting for client-facing communications (advisories, AARs, executive summaries) and comfort presenting technical analysis directly to clients when necessary.
- Familiarity with MITRE ATT&CK and mapping hunts to relevant techniques.
- U.S. citizenship required due to FedRAMP program requirements.
Benefits
- Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
- Unlimited PTO
- Restricted Stock Program and other Total Rewards
- 16 weeks gender-neutral parental leave
- Paid company holidays and sick time
- Flexible working hours
- Employee stock purchase program
- Disability and life insurance
- Employee assistance program
- Gym membership reimbursement
- Internet/Mobile allowance
- Learning & development opportunities
- Opportunity to strengthen communities globally through the S Foundation
Compensation
This U.S. role has a base pay range that will vary based on the location of the candidate. Base Salary Range: $84,000—$110,000 USD
Additional notes
SentinelOne participates in the E-Verify Program for all U.S. based roles and is an Equal Employment Opportunity and Affirmative Action employer.