Orlando, FL, 32806, USA
Cyber Security Analyst IV
**Job Summary**

The Senior Threat Hunter leads advanced threat hunting activities, utilizing cutting-edge tools, techniques, and tactics to identify and neutralize emerging threats before they can impact the business. The analyst will leverage a deep understanding of the threat landscape, attack techniques, and the latest trends in cybercrime to actively hunt for threats across the organization’s network and systems. As a subject matter expert in threat intelligence, the individual will collect, analyze, and disseminate intelligence on cyber adversaries, helping shape the organization's defense posture and incident response strategies. This position requires the ability to correlate intelligence from multiple sources, understand adversary tactics, techniques, and procedures (TTPs), and apply that knowledge to enhance detection capabilities and drive actionable security measures. Additionally, the role will lead incident response efforts, particularly for high-impact security events, taking charge of investigations, root cause analysis, and remediation. The analyst will collaborate with various teams, including IT, engineering, and security operations, to strengthen threat detection capabilities, ensure security controls are functioning effectively, and build a culture of awareness across the organization. This is a senior-level role requiring a highly analytical, detail-oriented, and technically proficient individual with a strong ability to translate complex cyber threat data into actionable security intelligence. The individual will also mentor and guide junior analysts, contribute to refining processes, and ensure that the organization remains resilient against the evolving and ever-complex cyber threat landscape.

**Expected Contributions**

+ **Threat Hunting**: Leads proactive threat hunting initiatives to identify and mitigate advanced persistent threats (APTs) and other sophisticated cyber adversaries. Utilizes advanced tools and techniques to uncover hidden threats within the organization's network.
+ **Threat Intelligence Analysis**: Conducts in-depth analysis of cyber threat intelligence to identify emerging threats, attack vectors, and tactics, techniques, and procedures (TTPs) used by threat actors. Provides actionable intelligence to inform security strategies and incident response plans.
+ **Incident Response Leadership**: Takes a leading role in managing and coordinating responses to complex security incidents. Performs detailed analysis to determine the root cause and impact, utilizing a broad range of experience to guide the organization through the incident lifecycle.
+ **Collaboration and Knowledge Sharing**: Works closely with internal teams, including Security Operations, IT, and Engineering, to share threat intelligence and enhance detection and response capabilities. Mentors and trains junior analysts, fostering a culture of continuous learning and improvement.
+ **Security Tool Optimization**: Evaluates and optimizes security tools and technologies, such as SIEM, EDR, and threat intelligence platforms, to improve threat detection and response capabilities. Ensures these tools are effectively integrated into the organization's security architecture.
+ **Reporting and Documentation**: Prepares and delivers comprehensive reports on threat intelligence findings, incident analyses, and recommendations to senior leadership. Documents methodologies, processes, and lessons learned to enhance future threat detection and response efforts.
+ **Continuous Learning and Development**: Stays abreast of the latest cyber threat trends, attack methodologies, and security technologies. Participates in industry groups, conferences, and forums to maintain a high level of expertise in the rapidly evolving field of cyber threat intelligence.

**Candidate Profile**

**Education**

+ Bachelor’s degree in information technology or related discipline, or equivalent work experience.

**Certifications Preferred**

+ Splunk Enterprise Security Certified Admin
+ Splunk Certified Cybersecurity Defense Analyst
+ Certified Cyber Threat Hunting Professional (CCTHP)
+ GIAC Certified Incident Handler (GCIH)
+ Certified Information Systems Security Professional (CISSP)
+ Certified Cyber Threat Hunter (CCTH)
+ Certified Ethical Hacker (CEH)

**Experience**

+ At least 7 years of progressive experience in cybersecurity, with a strong focus on threat hunting, incident response, and threat intelligence analysis.
+ Hands-on experience with threat-hunting techniques, including anomaly detection, network traffic analysis, and deep packet inspection.
+ Extensive experience collecting, analyzing, and disseminating threat intelligence from multiple sources, such as open-source intelligence (OSINT), commercial threat intelligence feeds, and government advisories.
+ Strong background in leading incident response activities, including identifying, containing, and remediating security incidents.
+ Experience working closely with Security Operations Center (SOC) teams, IT operations, and engineering to optimize security tool configurations, improve detection rules, and ensure security controls are effectively integrated into the network environment.
+ Experience using a variety of security technologies, such as SIEM (Security Information and Event Management) systems, EDR (Endpoint Detection and Response) platforms, threat intelligence platforms, and network traffic analysis tools.

**Skills/Attributes**

**Analytical and Strategic Thinking**

+ Exceptional analytical skills to interpret complex data and identify sophisticated threats.

**Technical**

+ Advanced understanding of cyber threat hunting.
+ Threat Intelligence Gathering: Collect and analyze threat intelligence from various sources, including open-source intelligence (OSINT), industry reports, and internal data.
+ Demonstrated understanding of the threat intelligence life cycle, network threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
+ Knowledgeable in the security incident response process, network forensics, and host-based forensics.
+ Advanced EDR Solutions: Expertise with tools such as CrowdStrike Falcon, Carbon Black, or similar.
+ SIEM Platforms: In-depth experience with platforms like Splunk, QRadar, or Sentinel.
+ Forensic Tools: Proficiency with forensic tools such as EnCase, FTK, or SIFT Workstation.
+ Threat Intelligence Platforms: Use of platforms like Recorded Future, ThreatConnect, or similar.
+ Scripting and Automation: Strong skills in scripting languages (e.g., Python, PowerShell) to automate threat-hunting processes.

**Interpersonal Skills**

+ **Communication**: Proven verbal and written communication skills to convey technical concepts to non-technical stakeholders in easy-to-understand ways.
+ **Collaboration**: Proven ability to collaborate within the Global Technology organization at all levels, and with vendors and Managed Service Providers, to architect solutions and oversee successful project implementations.

**Additional Attributes**

+ Ability to multi-task, problem solve, and meet deadlines.
+ Willingness to work outside of regular business hours as required, which can include evenings, weekends, and holidays.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.