Job Title: Mid-Level Threat Hunter & Access Governance Analyst

Department: Cybersecurity / Security Operations

Location: Abu Dhabi, UAE, On-site

Reports To: Chief Strategy and Information Officer

Non-Negotiables: UAE National is a must.

Role Summary

We are seeking a highly motivated Mid-Level Threat Hunter with additional responsibility for managing and monitoring privileged access to sensitive systems. This dual-function role combines proactive threat detection with access governance oversight to ensure that Tier 3 systems—containing critical or sensitive data—are accessed only by authorized personnel, for justified and auditable reasons.

Key Responsibilities

Threat Hunting

  • Conduct proactive threat hunting across endpoints, servers, networks, and cloud environments to detect hidden threats or advanced persistent threats (APTs).
  • Use the MITRE ATT&CK framework and threat intelligence to form hunting hypotheses and search for indicators of compromise (IOCs) and attacker tactics, techniques, and procedures (TTPs).
  • Analyze logs, telemetry, and behavioral patterns from SIEM, EDR, and other data sources to uncover malicious or anomalous activity.
  • Refine detection logic and collaborate with SOC and IR teams to improve alert quality and reduce dwell time.
  • Create and maintain detailed documentation of threat hunting findings, techniques, and lessons learned.
  • Work with the IT Operations team to ensure that vulnerabilities and misconfigurations identified during hunts are patched or remediated.

Access Governance

  • Coordinate and monitor physical and logical access requests by IT Engineers to Tier 3 systems that contain highly sensitive data.
  • Ensure that all Tier 3 access activities are auditable, time-bound, and traceable, using PAM (Privileged Access Management) systems and access logs.
  • Investigate and escalate anomalies or deviations in access behavior (e.g., excessive duration, irregular timing, or unusual command usage).
  • Work with IT administrators to ensure proper segmentation, role-based access, and zero-trust principles are enforced on sensitive systems.
  • Support internal and external audits with evidence of access control, approval workflows, and threat monitoring related to sensitive system access.
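As an added illustration of the access-governance checks described above (this is example code written for this page, not a tool used by the hiring organization or any PAM vendor), the script below validates recorded privileged sessions against their approving change tickets and flags the anomaly types named in the responsibilities: sessions without a valid approval, sessions started outside the approved window, excessive duration, irregular timing, and command usage not covered by the approval. The ticket and session records, field names, business hours, and grace period are all assumptions constructed for the example.

```python
"""
Flag anomalous privileged sessions on Tier 3 systems from PAM session records.

All records below are constructed sample data, and the field names are
hypothetical (they do not follow any particular PAM product's schema).
Each session is compared with the change ticket it claims as approval:
  - approval:  the ticket must exist and match the engineer and host
  - time-bound: the session must start inside the approved window
  - duration:  the session must not run past the window end (plus a grace period)
  - timing:    sessions started outside business hours are flagged
  - commands:  commands outside the ticket's approved set are flagged
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, time

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumption: local working hours
GRACE = timedelta(minutes=15)                 # assumption: tolerated overrun


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    engineer: str
    host: str
    window_start: datetime
    window_end: datetime
    approved_commands: frozenset


@dataclass(frozen=True)
class Session:
    session_id: str
    engineer: str
    host: str
    ticket_id: str
    start: datetime
    end: datetime
    commands: tuple


def check_session(session, tickets):
    """Return a list of finding strings; an empty list means no deviation found."""
    findings = []
    ticket = tickets.get(session.ticket_id)
    if ticket is None:
        findings.append("no-approval: session references an unknown ticket")
        return findings  # nothing to compare the session against
    if ticket.engineer != session.engineer or ticket.host != session.host:
        findings.append("scope-mismatch: ticket approved a different engineer or host")
    if not (ticket.window_start <= session.start <= ticket.window_end):
        findings.append("out-of-window: session started outside the approved window")
    if session.end > ticket.window_end + GRACE:
        overrun_min = int((session.end - ticket.window_end).total_seconds() // 60)
        findings.append(f"excessive-duration: ran {overrun_min} min past the approved window")
    if not (BUSINESS_HOURS[0] <= session.start.time() <= BUSINESS_HOURS[1]):
        findings.append("irregular-timing: session started outside business hours")
    unexpected = sorted(set(session.commands) - ticket.approved_commands)
    if unexpected:
        findings.append("unusual-commands: " + ", ".join(unexpected))
    return findings


def triage(sessions, tickets):
    """Map session_id -> findings for every session that needs escalation."""
    result = {}
    for s in sessions:
        findings = check_session(s, tickets)
        if findings:
            result[s.session_id] = findings
    return result


# Constructed sample approvals (hypothetical ticket IDs, users, and hosts).
TICKETS = {t.ticket_id: t for t in [
    Ticket("CHG-1001", "a.almansoori", "db-tier3-01",
           datetime(2024, 5, 6, 9, 0), datetime(2024, 5, 6, 11, 0),
           frozenset({"systemctl status postgresql",
                      "tail -n 200 /var/log/postgresql/postgresql.log"})),
    Ticket("CHG-1002", "j.smith", "db-tier3-02",
           datetime(2024, 5, 6, 14, 0), datetime(2024, 5, 6, 15, 0),
           frozenset({"df -h", "du -sh /var/lib/postgresql"})),
]}

# Constructed sample PAM session records.
SESSIONS = [
    # Legitimate: inside the window, business hours, approved commands only.
    Session("S-1", "a.almansoori", "db-tier3-01", "CHG-1001",
            datetime(2024, 5, 6, 9, 5), datetime(2024, 5, 6, 10, 30),
            ("systemctl status postgresql",
             "tail -n 200 /var/log/postgresql/postgresql.log")),
    # Overran the window by 50 minutes and exported a table the ticket never covered.
    Session("S-2", "j.smith", "db-tier3-02", "CHG-1002",
            datetime(2024, 5, 6, 14, 10), datetime(2024, 5, 6, 15, 50),
            ("df -h", "pg_dump -t customers prod > /tmp/c.sql")),
    # Reused another engineer's expired ticket at 02:00 the next day.
    Session("S-3", "j.smith", "db-tier3-01", "CHG-1001",
            datetime(2024, 5, 7, 2, 0), datetime(2024, 5, 7, 2, 20),
            ("systemctl status postgresql",)),
]

if __name__ == "__main__":
    for sid, findings in triage(SESSIONS, TICKETS).items():
        print(sid)
        for finding in findings:
            print("   -", finding)
```

Run as-is it reports nothing for S-1, an overrun plus an unapproved `pg_dump` for S-2, and four findings for S-3 (wrong engineer, outside the window, far past its end, and after hours). In practice the approved-command set would come from the change ticket or a per-role baseline, and each finding would be raised as an escalation with the session recording attached as audit evidence.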

Minimum Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
  • 2–5 years of relevant experience in cybersecurity roles, including at least 1 year in threat hunting, incident response, or access governance.
  • Proficiency with SIEM and EDR tools (e.g., Splunk, SentinelOne, CrowdStrike), and experience analyzing logs and user behavior.
  • Familiarity with scripting/querying (e.g., Python, KQL, SQL, PowerShell).
  • Experience working with or auditing access via PAM tools (e.g., CyberArk, BeyondTrust, Delinea).
  • Strong understanding of attacker behavior, insider threat risks, and data protection best practices.

Preferred Qualifications

  • Experience supporting access control or cybersecurity governance in regulated environments (e.g., finance, healthcare, government).
  • Familiarity with frameworks such as MITRE ATT&CK, NIST 800-53, ISO 27001, and Zero Trust Architecture.
  • Certifications such as GCTI, GCIH, GCFA, or access governance certifications (e.g., CIMP, CISA) are a plus.
  • Exposure to Identity & Access Management (IAM), RBAC models, and audit workflows.

Key Competencies

  • Excellent written and verbal communication for reporting and stakeholder coordination.
  • Ability to manage both long-term threat investigations and daily access validation duties in parallel.