
Threat Hunting Intern

Hunter Strategy, Remote

About Our Internship Program

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

What We Offer

• Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets
• Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises
• Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters
• Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

The Role

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.

As a Threat Hunting Intern, you’ll:

• Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process
• Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses
• Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress
• Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly
• Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers
• Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity
• Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns
• Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters
• Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts
• Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

Qualifications

• Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work
• Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community
• Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place
• Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation
• Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage
• Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level
• Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners
• Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work
• Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early
• Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Program Details

Duration: 12 weeks
Location: Remote
Reports to: Senior Threat Hunter
