Job Title: Mid-Level Threat Hunter & Access Governance Analyst
Department: Cybersecurity / Security Operations
Location: Abu Dhabi, UAE, On-site
Reports To: Chief Strategy and Information Officer
Non-negotiables: UAE National is a must.
Role Summary
We are seeking a highly motivated Mid-Level Threat Hunter with additional responsibility for managing and monitoring privileged access to sensitive systems. This dual-function role combines proactive threat detection with access governance oversight to ensure that Tier 3 systems (those containing critical or sensitive data) are accessed only by authorized personnel, for justified and auditable reasons.
Key Responsibilities
Threat Hunting
- Conduct proactive threat hunting across endpoints, servers, networks, and cloud environments to detect hidden threats or advanced persistent threats (APTs).
- Use the MITRE ATT&CK framework and threat intelligence to form hypotheses and hunt for indicators of compromise (IOCs).
- Analyze logs, telemetry, and behavioral patterns from SIEM, EDR, and other data sources to uncover malicious or anomalous activity.
- Refine detection logic and collaborate with SOC and IR teams to improve alert quality and reduce dwell time.
- Create and maintain detailed documentation of threat hunting findings, techniques, and lessons learned.
- Work with the IT Operations team to ensure that vulnerabilities surfaced by hunting findings are actively patched and remediated.
Access Governance
- Coordinate and monitor physical and logical access requests by IT Engineers to Tier 3 systems that contain highly sensitive data.
- Ensure that all Tier 3 access activities are auditable, time-bound, and traceable, using PAM (Privileged Access Management) systems and access logs.
- Investigate and escalate anomalies or deviations in access behavior (e.g., excessive duration, irregular timing, or unusual command usage).
- Work with IT administrators to ensure proper segmentation, role-based access, and zero-trust principles are enforced on sensitive systems.
- Support internal and external audits with evidence of access control, approval workflows, and threat monitoring related to sensitive system access.
Minimum Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
- 2–5 years of relevant experience in cybersecurity roles, including at least 1 year in threat hunting, incident response, or access governance.
- Proficiency with SIEM and EDR tools (e.g., Splunk, SentinelOne, CrowdStrike), and experience analyzing logs and user behavior.
- Familiarity with scripting/querying (e.g., Python, KQL, SQL, PowerShell).
- Experience working with or auditing access via PAM tools (e.g., CyberArk, BeyondTrust, Delinea).
- Strong understanding of attacker behavior, insider threat risks, and data protection best practices.
Preferred Qualifications
- Experience supporting access control or cybersecurity governance in regulated environments (e.g., finance, healthcare, government).
- Familiarity with frameworks such as MITRE ATT&CK, NIST 800-53, ISO 27001, and Zero Trust Architecture.
- Certifications such as GCTI, GCIH, GCFA, or access governance certifications (e.g., CIMP, CISA) are a plus.
- Exposure to Identity & Access Management (IAM), RBAC models, and audit workflows.
Key Competencies
- Excellent written and verbal communication for reporting and stakeholder coordination.
- Ability to manage both long-term threat investigations and daily access validation duties in parallel.