Job Description: Defensive Security & Threat Hunter

Position: Defensive Security Specialist (Threat Hunting & SOC Operations)
Location: Remote primary, Brussels / Zaventem, Belgium
Team: Threat Research | Purple Team (SOC-focused)

About Us
Crimson7 is a cyber-security leader specializing in Attack Intelligence, blending offensive research with defensive innovation. Our Purple Team services—Deep Purple (project-based) and Purple Rain (continuous)—use collaborative, TTP-driven simulations and detection engineering to elevate SecOps. Crimson7 also offers managed defense services, such as threat hunting and support for SOC operations.

Role Summary
You’ll strengthen SOC resilience through proactive threat hunting, detection rule development, and active participation in Purple Team exercises. Your mission: turn threat intelligence into high-fidelity detections and ensure visibility into adversarial TTPs. You’ll occasionally get involved in SecOps and SOC operations with clients in the banking sector.

Key Responsibilities
- Execute threat hunting based on evolving threat intelligence and MITRE ATT&CK TTPs.
- Design, deploy, and test detection rules and analytics (e.g., Sigma, YARA, network/endpoint).
- Monitor SOC alerts, escalate incidents, and maintain SOC tooling configurations.
- Participate in Purple Team engagements, feeding hunt outcomes back into simulations.
- Collaborate with offensive/research teams to translate adversary behavior into actionable detection.
- Author clear documentation and reports for technical teams and stakeholders.
- Contribute to the detection code repository, community tools, and training material.

Required Skills & Experience
- 3+ years in SOC, incident response, threat hunting, or detection engineering.
- Proficiency with SIEM tools (e.g., Elastic, Splunk, Sentinel), with Microsoft Sentinel especially appreciated, and with scripting languages (Python, PowerShell).
- Knowledge of the KQL language.
- Familiarity with tool development in Python and/or other languages such as Go and Node.js (JavaScript).
- Strong understanding of MITRE ATT&CK and TTP-driven detection.
- Familiarity with identity/AD security, defensive monitoring, and endpoint/mobile telemetry.
- Familiarity with CI/CD, Git, and test-driven detection pipelines.
- Proven ability to learn fast, adapt to a changing startup environment, and take the leap into a growth phase that may be demanding at the start.
- Excellent written and verbal English communication.

Nice-to-Have
- Exposure to Purple Team or Red Team processes.
- Experience with cloud-native telemetry (Azure, AWS, GCP).
- Detection engineering or automation (e.g., SOAR, Sigma library), Terraform.
- Open-source contributions to security products or published threat hunting work.

Why Join Us?
- Work at the forefront of Threat Informed Defence, combining offensive research with defensive innovation, going from threat intelligence to detection engineering.
- Play a pivotal role in transforming SOC capabilities through real-world detection engineering and managed Purple Team exercises.
- Be part of a dynamic, skilled team committed to continuous improvement and knowledge sharing.