
Threat Hunter (Digital Risk & Impersonation Monitoring)

Forward Defense
Full-time
On-site
Kuala Lumpur, Kuala Lumpur, Malaysia
Analyst

We’re hiring!

Threat Hunter (Digital Risk & Impersonation Monitoring)

A threat hunting role focused on detecting, validating, and disrupting online brand abuse—impersonation, phishing, fraudulent domains, counterfeit activity, fake support channels, and related digital threats.

The position monitors external brand-risk alerts, conducts technical investigations, clusters activity into campaigns, and drives takedown and remediation through cross-functional workflows (Security, Legal/IP, Fraud, Trust & Safety, and Customer Operations).

Core Capabilities Needed

Alert Triage & Risk Qualification

· Rapidly triage high-volume brand-risk alerts and apply severity scoring (customer harm potential, reach, credibility, recency, repeat-offender signals).

· Validate true positives vs. authorized brand use with consistent decision criteria and audit-ready documentation.

· Normalize alert data, de-duplicate repeated alerts and their variants, and manage SLAs for time-to-triage and time-to-action.

Technical Investigation & Attribution

· Domain and infrastructure analysis: WHOIS history, registrar patterns, name servers, DNS records, passive DNS pivots, and hosting/provider attribution.

· Certificate intelligence: certificate transparency pivots, SAN/common-name patterns, issuance timelines, and shared certificate artifacts.

· URL/content analysis: redirect chains, landing page kits, brand asset reuse, language targeting, and phishing funnel mapping.

· Email abuse analysis (as applicable): spoofing indicators, header review, SPF/DKIM/DMARC alignment concepts, lookalike sender patterns, and malicious reply-to tactics.

· IOC enrichment: IPs, domains, URLs, hashes, analytics IDs, payment rails, messaging handles, and campaign metadata.

Campaign Clustering & Actor Tradecraft

· Link related alerts into campaigns using infrastructure overlaps, registration fingerprints, shared page templates, tracking/analytics identifiers, and timing correlations.

· Build lightweight actor profiles (TTPs, infrastructure preferences, target segments, recurring lures) and map behaviors to MITRE ATT&CK where useful.

· Identify repeat offenders and propose disruption strategies beyond one-off takedowns (e.g., registrar escalation, provider pattern reporting, proactive monitoring rules).

· Track outcomes and effectiveness: time-to-takedown, reappearance rate, infrastructure rotation tactics, and prevention opportunities.

· Tune detection rules/heuristics to improve precision and reduce noise; maintain playbooks for common abuse types.

Reporting & Stakeholder Communication

· Produce executive-ready briefs translating technical findings into business risk, customer impact, and recommended mitigations.

· Create recurring metrics/dashboards: alert volume trends, true-positive rate, time-to-triage, time-to-takedown, recurrence, top vectors and geographies.

· Coordinate with Security Operations for escalations when activity crosses into incident response territory (credential theft, malware delivery, large-scale fraud).

Background / Experience

· 2–7+ years in threat hunting, threat intelligence, fraud investigations, trust & safety, or brand protection with strong technical investigation work.

· Demonstrated OSINT expertise and comfort with rapid pivots across DNS/CT logs/hosting data and web content analysis.

· Strong written documentation and ability to defend decisions under scrutiny (legal/compliance/audit contexts).

· Preferred: SIEM/SOAR exposure, DMARC policy familiarity, marketplace/social platform enforcement workflows, and experience operating at scale.

Skills

· Sound judgment under ambiguity; consistent, defensible decisions

· Clear, concise writing; audit-ready documentation and evidence summaries

· Ability to translate technical findings into business risk and customer impact

· Operational rigor: prioritization, queue management, and SLA discipline

· High attention to detail; reliable case hygiene and follow-through

· Analytical curiosity; hypothesis-driven investigative mindset

· Pattern recognition; connects disparate signals into coherent campaigns

· Composure under pressure; effective during urgent escalations

· Resilience handling repetitive/high-volume and potentially distressing content

· Discretion and confidentiality with sensitive investigations

· Collaborative, low-ego teamwork; constructive feedback and continuous improvement

· Comfortable with structured process, metrics, and accountability

Location: KLCC, Kuala Lumpur, Malaysia

Salary: Negotiable
