Instead of waiting for an alert, you go looking: proactively hunting through a network on the assumption that an attacker is already inside and just hasn't been caught. Searching for the intruder before the alarm sounds.
The work is hypothesis-driven and investigative: forming a theory about how an attacker might hide, then digging through logs, endpoints, and traffic to prove or kill it. You assume the alerts missed something, and you're hunting for what's been deliberately concealed. Much of the craft is thinking like an attacker to find their tracks.
Maturity of the program shapes the role. Well-resourced teams give hunters time, tools, and data; leaner ones squeeze hunting between firefights. The work demands deep knowledge and patience, results aren't guaranteed, and many hunts end finding nothing at all. For some, the challenge is proving value when success is often silence.
It tends to fit the deeply curious and self-directed: senior-minded people comfortable chasing a hunch with no guarantee it pans out. If you want clear tasks and quick wins, open-ended hunting may frustrate. But if outmaneuvering an attacker who thinks they're hidden is the thrill, the role is advanced and highly valued.
Where this role sits in the broader career landscape, and where it can take you.
Roles like this one sit within a broader occupational category. The numbers below reflect that full landscape. They are helpful for context, but your specific experience will depend on level, specialty, and where you work.