IR and Threat Hunting Lead SCUT entity

SCUT is an independent entity, Orange Romania being its main shareholder, as part of its strategy to strengthen digital resilience at a national level. The company provides a unified protection service, which offers a complete and modular vision of customer infrastructures, multiple layers of protection and a coordinated response to incidents.

SCUT is supported by an elite team with over 20 years of experience in the field of cybersecurity, but also by the global expertise of Orange Cyberdefense, SCUT's strategic partner. Thus, the entity benefits from the know-how and resources of a group active in over 160 countries, with 18 Security Operations Centers (SOC) and over 250 researchers and analysts.

What We're Looking For
We are looking for a colleague to lead end-to-end Incident Response engagements for customers and to design and execute Threat Hunting scenarios.

What You'll Be Doing

• Lead end-to-end Incident Response engagements for customers — identification, containment, eradication, recovery, and post-incident reporting.
• Design and execute Threat Hunting scenarios tailored to customer environments, industry-specific threats, and current intelligence.
• Create playbooks, runbooks, and hunting queries to standardize and accelerate detection and response.
• Perform log, network, endpoint, and cloud analysis to uncover malicious activity.
• Collaborate with MDR and SOC teams to tune detection rules and improve alert fidelity.
• Act as the primary technical advisor during active incidents, liaising directly with customer security and executive teams.
• Deliver lessons learned workshops and recommend improvements to customer defences.
• Integrate threat intelligence feeds into hunting and investigation processes.

Support pre-sales activities by defining IR and Threat Hunting service scopes, SLAs, and effort estimates

What You Need To Know/have

• Minimum 5 years of experience in Incident Response, Threat Hunting, or SOC leadership roles
• Strong technical skills in endpoint forensics, log analysis, malware analysis, and network traffic analysis.
• Proficiency in EDR/XDR tools (CrowdStrike, Microsoft Defender, Sentinel One, etc.) and SIEM platforms (Splunk, Microsoft Sentinel, QRadar, etc.).
• Solid understanding of Windows, Linux, and cloud (Azure, AWS) environments.
• Knowledge of scripting/automation (Python, PowerShell, Bash) to speed up investigations and hunting.
• Certifications such as GCFA, GCIH, GNFA, CHFI, or equivalent are a plus.
• Familiarity with threat intelligence platforms and advanced adversary emulation techniques.
• Proven expertise in Incident Response (IR) — from containment to recovery — across on-prem, cloud, and hybrid environments.
• Experience building and executing Threat Hunting programs, using both hypothesis-driven and intelligence-led approaches.
• Strong knowledge of attack tactics, techniques, and procedures (TTPs), mapped to frameworks like MITRE ATT&CK.
• Hands-on familiarity with EDR/XDR, SIEM, SOAR, network forensics, and malware analysis tools.
• Ability to work under pressure and make critical decisions in high-stakes security incidents.
• Experience mentoring and coaching security analysts, raising the maturity of detection and response operations.
• Excellent communication — can present clear findings and recommendations to both technical and executive stakeholders.
• Fluent in English (written and spoken)

We encourage all candidate profiles, regardless of gender, age, race, citizenship, ethnicity, color, language, religion, social origin, genetic traits, sexual orientation, permanent or temporary disability, nationality, political choice, social category or social origins, situation or family responsibility, belonging to a disadvantaged category, membership or trade union activity.