SUMMARY OF POSITION AND OBJECTIVES:
As part of the Threat Hunting function within Eurofins Information Security, you will lead proactive detection of advanced threats by actively searching for adversaries that evade traditional security controls. This role goes beyond alert-driven SOC work, focusing on hypothesis-driven hunting, deep telemetry analysis, and uncovering stealthy attacker behavior across endpoints, networks, identities, and cloud environments.
You will combine strong technical expertise, attacker tradecraft knowledge, and analytical thinking to identify unknown threats, validate detection gaps, and improve Eurofins' overall detection and response posture. This is a hands-on technical role for professionals who enjoy diving deep into data, thinking like an adversary, and turning weak signals into actionable security insights.
POSITION & OBJECTIVES:
Job Description:
Conduct proactive, hypothesis-driven threat hunting across endpoint, network, identity, cloud, and application telemetry
Develop and execute hunt scenarios based on threat intelligence, MITRE ATT&CK techniques, and emerging adversary TTPs
Analyze large datasets from SIEM, EDR/XDR, NDR, identity platforms, and cloud logs to uncover anomalous or malicious activity
Identify detection gaps and collaborate with detection engineering teams to create or improve rules, analytics, and alerts
Investigate low-fidelity or weak signals that fall below traditional alert thresholds but may indicate attacker presence
Leverage scripting and automation to accelerate hunts, data enrichment, and large-scale analysis
Collaborate with incident response teams during active investigations to provide deep technical analysis and attacker context
Validate and refine hypotheses through iterative testing, purple team exercises, and adversary emulation activities
Translate hunt findings into actionable outcomes: new detections, improved telemetry coverage, and documented attacker behaviors
Document hunt methodologies, findings, assumptions, and lessons learned in a structured and repeatable manner
Continuously research emerging threats, tools, techniques, and attack campaigns relevant to Eurofins' environment.
 
Technical Knowledge:
Strong understanding of threat hunting methodologies (hypothesis-driven, data-driven, intelligence-led hunting)
Deep knowledge of attacker TTPs and the MITRE ATT&CK framework across multiple platforms (Windows, Linux, cloud, identity)
Hands-on experience with SIEM platforms (e.g., Splunk, Elastic, QRadar) and advanced query languages (KQL, SPL, Lucene, SQL-like queries)
Strong experience with EDR/XDR platforms (e.g., Microsoft Defender, CrowdStrike, SentinelOne) and endpoint telemetry analysis
Solid understanding of Windows internals, Linux systems, Active Directory, authentication flows, and identity attacks
Experience analyzing network traffic, DNS, proxy, firewall, and cloud control plane logs
Familiarity with cloud attack techniques (Azure/AWS/GCP), SaaS abuse, and identity-based attacks
Ability to correlate telemetry across multiple data sources to reconstruct attacker timelines
Scripting and automation skills in Python, PowerShell, or Bash for hunting and data analysis
Experience working closely with detection engineering, SOC, IR, red team, and threat intelligence functions
 
Personal Qualities:
Excellent verbal and written communication skills (concise writing and persuasive speaking)
Eager to learn and continuously develop personal and technical capabilities.
Proactive and self-driven, comfortable operating with minimal direction.
Excellent interpersonal, analytical, detail-oriented, and problem-solving skills.
Proactive personality who can adapt to changing priorities, with a keen analytical mindset for investigating cases.
Good team player with the ability to work with a team spread across the world.
 
What we offer:
Opportunity to grow in a demanding, fast-growing organization.
Very attractive, multicultural and friendly work environment in a fast-growing international company (more than 65 000 employees now)
Possibility to grow and make the next step in your professional career and self-development.
A launch pad into various opportunities - within many business lines of Eurofins globally
A chance to become part of a highly motivated international team of professionals.
 
QUALIFICATIONS AND EXPERIENCE REQUIRED:
BE / B.Tech / MCA or equivalent degree
4+ years of hands-on experience in cybersecurity roles such as SOC, threat hunting, detection engineering, or incident response
Proven experience working with large-scale security telemetry and investigative analysis
Certifications (e.g., GCFE, GCIA, GCFA) are a plus but not mandatory if strong practical experience is demonstrated