Threat Hunter

Would you like to join a company that puts people at the heart of its concerns? We are waiting for you Since 2007, Extia, an IT consulting company, has been offering a unique approach in its field by combining well-being at work and performance.

Our philosophy at Extia is "First who, then what", so let's go for it

First who?

• A force of proposal, you are never short of solutions
• Great communicator, you have the ability to drive alignment and change across different teams or situations
• Strategic mindset with strong leadership qualities

Then what?

We are seeking an experienced security specialist to join our client and act as a lead within their SOC team, focusing on proactive threat hunting, digital forensics, and Azure cloud investigations. The role involves guiding and supporting the security team while remaining hands-on in threat hunting activities. There's also occasional backup to SOC analysts or night work involved.

Responsibilities:

• Lead and support the SOC security team, providing guidance and acting as a point of reference for analysts.
• Conduct hypothesis-driven threat hunts across Azure environments using Microsoft Sentinel and Microsoft Defender.
• Perform advanced digital forensics, malware analysis, and incident timeline reconstruction.
• Document threat hunting playbooks and reflex sheets; mentor SOC analysts to increase maturity on this scope.
• Provide temporary backup to L2 analysts on demand, including nights/on-call if required.
• Collaborate with the build/use case factory teams on new detection use cases, scope increase and purple-team style exercises.

Requirements:

• Mandatory: Deep expertise in Microsoft Sentinel (KQL) and Microsoft Defender; strong Azure security knowledge (identities, networking, workloads).
• Advanced threat hunting techniques (including MITRE ATT&CK) and data forensics (memory, disk, and log analysis).
• Nice to have: GitLab, JFrog Artifactory, Kubernetes/AKS, YARA/Sigma rules.
• Certifications (nice to have): SC-200 (Microsoft Security Operations Analyst), AZ-500 (Azure Security Engineer), AZ-104 (Azure Administrator); GCIH and/or GCFA.
• Prior leadership background or a strong senior profile capable of taking on a lead function.

This position requires on-site presence 3 days per week (Bucharest office).

Do you recognize yourself in the "Who" and represent the "What"? Apply and let's talk