🛡️ Job Description: Defensive Security & Threat Hunter
Position: Defensive Security Specialist (Threat Hunting & SOC Operations)
Location: Remote primary, Brussels / Zaventem, Belgium
Team: Threat Research | Purple Team (SOC-focused)
🔍 About Us
Crimson7 is a cyber‑security leader specializing in Attack Intelligence, blending offensive research with defensive innovation. Our Purple Team services—Deep Purple (project-based) and Purple Rain (continuous)—use collaborative, TTP-driven simulations and detection engineering to elevate SecOps. Crimson7 also offers managed defense services, such as threat hunting and support for SOC operations.
🎯 Role Summary
You’ll strengthen SOC resilience through proactive threat hunting, detection rule development, and active participation in Purple Team exercises. Your mission: turn threat intelligence into high-fidelity detections and ensure visibility into adversarial TTPs. You’ll occasionally be involved in SecOps and SOC operations with clients in the banking sector.
🧰 Key Responsibilities
* Execute threat hunting based on evolving threat intelligence and MITRE ATT&CK TTPs.
* Design, deploy, and test detection rules and analytics (e.g., Sigma, YARA, network/endpoint).
* Monitor SOC alerts, escalate incidents, and maintain SOC tooling configurations.
* Participate in Purple Team engagements, feeding hunt outcomes back into simulations.
* Collaborate with offensive/research teams to translate adversary behavior into actionable detection.
* Author clear documentation and reports for technical teams and stakeholders.
* Contribute to the detection code repository, community tools, and training material.
🎓 Required Skills & Experience
* 3+ years in SOC, incident response, threat hunting, or detection engineering.
* Proficiency with SIEM tools (e.g., Elastic, Splunk, Microsoft Sentinel; Sentinel experience especially appreciated) and scripting languages (Python, PowerShell). Knowledge of KQL.
* Familiarity with tool development in Python and/or other languages such as Go and Node.js (JavaScript).
* Strong understanding of MITRE ATT&CK and TTP-driven detection.
* Familiar with identity/AD security, defensive monitoring, endpoint/mobile telemetry.
* Familiarity with CI/CD, Git, and test-driven detection pipelines.
* Proven ability to learn fast, adapt to a fast-changing startup environment, and take the leap into a growth phase that may be demanding at the outset.
* Excellent written and verbal English communication.
✅ Nice-to-Have
* Exposure to Purple Team or Red Team processes.
* Experience with cloud-native telemetry (Azure, AWS, GCP).
* Detection engineering or automation experience (e.g., SOAR, Sigma rule libraries, Terraform).
* Open-source contributions to security products or published threat hunting work.
🌟 Why Join Us?
* Work at the forefront of Threat Informed Defence, combining offensive research with defensive innovation, going from threat intelligence to detection engineering.
* Play a pivotal role in transforming SOC capabilities through real-world detection engineering and managed Purple Team exercises.
* Be part of a dynamic, skilled team committed to continuous improvement and knowledge sharing.