Share this Job
Information Technology

Senior Cyber Security Threat Hunter

What we offer

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!



We are looking for Cyber Threat Hunters to join the SAP Global Security Operations Team to help defend our networks from sophisticated threats. Our Cyber Threat Hunters are responsible for seeking out threats and attempts to evade our cyber defenses. The team also develops custom analytics and tradecraft to isolate malicious actors’ activities and works with other teams across the Global Security Operations construct to contain and eradicate threats.


The Role:

In this role, you will hunt for cyber threats in our networks using our suite of cyber tools. You will use your understanding of attack vectors to seek out threats looking to exploit those networks to gain unauthorized access to our sensitive data. This position requires creative thinkers who are able to develop and field new methods for detecting malicious activity. This is an opportunity to take a new approach to cyber defense and help us build a world class threat detection organization.


Role Requirements:

We are looking for experienced and motivated Cyber Threat Hunters who have at least 3 years of experience working as one or a combination of the following: Security Operations Center (SOC) analyst, incident responder, cyber threat intelligence analyst, or malware engineer. The ideal candidate should work well individually as well as on a team. This individual should also be a self-starter who has experience leading teams and building new capabilities.


Basic Qualifications:


  • A Bachelor’s degree from an accredited institution in one of the following areas: Cybersecurity, Computer Science, Information Technology, Information Assurance, Electrical Engineering, Computer Engineering, Computer Forensics, or a related program.
    • Candidates without college degrees will also be considered provided that they have an equivalent amount of experience.
  • At least one industry standard security certification (e.g. Security+, GCIA, GCIH, GCFA, GCNA, CEH, CISSP, etc.) is preferred.
    • Candidates without security certifications who can demonstrate proficiency in relevant technical areas are also encouraged to apply.
  • Strong technical knowledge in at least one of the following areas:
    • Endpoint Security and Endpoint Detection & Response tools (e.g. Symantec, McAfee, Sophos, Microsoft Defender for Endpoint (ATP), Tanium, CrowdStrike, etc.)
    • Windows/AD file systems, registry functions, and memory artifacts
    • Unix/Linux file systems and memory artifacts
    • MacOS file systems and memory artifacts
    • Database, web application, cloud, and/or mobile device cyber incident response principles and techniques
    • Cybersecurity automation (e.g. Phantom, Demisto, etc.)
    • Application, service, and machine log analysis
    • Common application-layer protocols (e.g. DNS, HTTP, TLS, SMB)
    • Network traffic metadata extraction and analysis using common packet capture utilities (e.g. Wireshark, tcpdump, Bro/Zeek, Snort, Suricata, etc.)
    • Malware analysis using sandboxes or other capabilities
    • Digital forensics and incident response
  • Experience using and searching across Security Information and Event Monitoring (SIEM) platforms (e.g. Splunk, Qradar, LogRhythm, etc.) is highly desired
    • Candidates who lack this experience but demonstrate strong technical knowledge across multiple focus areas (see above) will also be considered.
  • Knowledge of Advanced Persistent Threat (APT) actors and associated tools, techniques, and procedures (TTPs)
  • Operational knowledge of open-source and proprietary Cyber Threat Intelligence data, to include the use of threat taxonomies, models (e.g. MITRE ATT&CK,), and Indicators of Compromise (IOCs)
  • Experience with one or more scripting languages (e.g. Bash, Python, Perl, PowerShell, etc.)
    • Candidates without scripting skills will also be considered but will be expected to develop basic proficiency within the first year of employment.
  • Other desirable qualities:
    • Strong critical thinking skills
    • Strong interpersonal skills
    • Strong communication skills (written and verbal)
    • Experience with providing oral and written briefings to executive leadership




We are SAP

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.


Our inclusion promise

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.


SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com.


EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Successful candidates might be required to undergo a background verification with an external vendor.

 Requisition ID:308790 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time  | Additional Locations: Virtual - USA

Senior Cyber Security Threat Hunter

Facility:  308790
Posted Date:  Nov 2, 2021
Work Area:  Information Technology
Career Status:  Professional
Employment Type:  Regular Full Time
Expected Travel:  0 - 10%

Bellevue, WA, US, 98004

Nearest Major Market: Seattle
Nearest Secondary Market: Bellevue

Job Segment: ERP, Engineer, Cyber Security, Electrical, Security, Technology, Engineering