Threat Hunter & Incident Responder

S21sec by Thales is looking for a Threat Hunter and Incident Responder to be a key member of these services, able to track APT groups within customer and investigate and perform forensic work within critical incidents on customer.

Job Summary :

The role combines proactive threat hunting with reactive incident response, ensuring both early detection and effective containment of cyber threats. To actively reduce dwell time, minimize business impact, and increase resilience by combining proactive hunting with decisive and structured response to cyber incidents

Job Responsabilities :

Conduct proactive threat hunting across endpoints, networks, and cloud environments to identify hidden adversary activity and advanced persistent threats (APTs).

Analyze logs, telemetry, and threat intelligence to detect anomalies, suspicious behaviors, and emerging attack techniques.

Develop and refine hunting hypotheses, detection rules, and queries aligned with MITRE ATT&CK tactics and techniques. Lead and support incident response investigations, including triage, forensic analysis, root-cause identification, containment, and remediation.

Perform host- and network-level analysis (malware, memory, packet captures, system artifacts) to assess the scope and impact of intrusions.

Job Requirements :

Strong knowledge of operating systems internals (Windows, Linux, macOS) and network protocols (TCP / IP, HTTP, DNS, etc.). Proficiency with SIEM, EDR, and log analysis platforms (e.g., Splunk, Sentinel, Elastic, CrowdStrike, Carbon Black). Experience in threat hunting methodologies and creating detection queries mapped to MITRE ATT&CK. Hands-on experience with incident response : triage, containment, forensics, and malware analysis. Ability to analyze artifacts and evidence (registry, memory, disk, logs, network captures).

Education and Training Skills :

Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.

3–5+ years of experience in cybersecurity, ideally within Threat Hunting, Incident Response, or DFIR roles.

Languages : EN - C1

At S21sec we consider ourselves disruptive when it comes to organising the way we want to work. That's why we are constantly innovating our policies, to enable employees to enjoy a real work-life balance. Tell us what you want, and you will find it at S21sec.

• Would you like to have up to 43 days off per year? At S21sec you can organise your working day to increase the 24 days of holiday we offer you. How?
• You can spread your annual working hours over the year and enjoy one Friday off per month or 12 Fridays off per year.
• You can choose between an intensive working day of 7 hours a day from Monday to Friday in July and August, or continue with the same working day as before and then add 5 days off to enjoy during the current year.
• Do you want to maximise your net salary?

At S21sec you can decide which Flexible Remuneration package (Restaurant Card, Transport Card, Childcare Vouchers and Training Vouchers) best suits your needs.

At S21sec you have an Annual Training Plan (based on technical certifications, languages, soft skills training...).

At S21sec we count on the voluntary participation of the Speakers programme.

At S21sec we have an Annual Bonus Policy, based on KPIs.

Because we are not all the same, at S21sec you can decide whether to develop your career in Cybersecurity by focusing on team management or specialise in one of the technical areas with our experts.

If you are passionate about cybersecurity, we are the company for you. We are waiting for you!