Job Search
Vulnerability Management / Threat Hunting Consultant, onsite | 1060445
Chicago, Illinois
Contract
Posted 07/10/2026
Job Description
OUR GOAL:
Treat our consultants and clients the way we would like others to treat us!
Interested in joining our team? Check out the opportunity below and apply today!
We are looking for a Vulnerability Management / Threat Hunting Consultant focused on Threat Hunting to proactively identify suspicious, abusive, fraudulent, or adversarial activity across a large-scale digital ecosystem. In this role, you will use data analysis, security expertise, investigative thinking, and cross-functional collaboration to uncover emerging threats, identify detection opportunities, and improve the organization’s ability to detect, understand, and respond to malicious or anomalous behavior.
You will work across high-volume telemetry, security events, product signals, identity data, device or client data, request logs, and other behavioral datasets to develop hypotheses, execute hunts, validate findings, and convert discoveries into durable security outcomes.
- ONSITE – 5 days/week at the client’s headquarters in Chicago (downtown in the loop)
- Location (Time Zone): Central
- Citizenship: US Citizen
This role is ideal for someone who enjoys working with ambiguous security questions, finding patterns in complex data, and turning investigative insights into detections, dashboards, mitigations, and measurable risk reduction.
What You Will Work On
As a Security Analytics Engineer, Threat Hunting, you will lead proactive investigations into suspicious behavior across products, platforms, accounts, devices, networks, and user activity.
You will:
- Develop and execute proactive threat hunts across large-scale security, product, identity, device, network, and application telemetry.
- Formulate clear investigative hypotheses around adversary behavior, fraud, abuse, automation, account compromise, credential attacks, platform misuse, data misuse, and anomalous activity.
- Analyze high-volume request, authentication, session, device, client, and application logs to identify suspicious patterns and emerging threats.
- Identify new behavioral signals that can improve anomaly detection, classification, fraud prevention, abuse detection, and security monitoring.
- Build repeatable analyses that distinguish normal behavior from suspicious, automated, abusive, or adversarial activity.
- Investigate anomalous request patterns, error patterns, device behavior, account behavior, and access activity to identify potential risks or control gaps.
- Develop dashboards, metrics, and reporting that communicate threat activity, detection coverage, security posture, and risk trends to technical and non-technical stakeholders.
- Partner with detection engineering, incident response, product security, fraud, data science, platform engineering, and product teams to turn hunt findings into durable controls.
- Recommend improvements to logging, telemetry, instrumentation, alerting, detection logic, and response workflows.
- Document hunt plans, investigative methods, findings, assumptions, evidence, limitations, and recommended actions.
- Help mature the threat hunting practice by improving hunt planning, outcome tracking, signal development, data quality, and detection feedback loops.
Example Threat Hunting Problems
In this role, you may investigate questions such as:
- Are there account behaviors that suggest credential stuffing, account takeover, session hijacking, or unauthorized access?
- Are there abnormal request patterns that suggest automation, scraping, abuse, bot activity, or scripted interaction?
- Are attackers adapting their behavior in ways that current detections do not capture?
- Are there device, client, API, or application attributes that correlate with suspicious or high-risk behavior?
- Are there unusual authentication, authorization, session, or access patterns across users, services, regions, or platforms?
- Are existing detections producing meaningful security value, or do they need better signals, thresholds, enrichment, or tuning?
- Are there telemetry gaps that prevent the organization from confidently detecting or investigating specific threats?
- Are there recurring anomalies that indicate product abuse, control bypass, misconfiguration, or emerging adversary tradecraft?
Key Responsibilities
Threat Hunting and Investigation
- Lead structured threat hunts from initial question through analysis, validation, documentation, and follow-up action.
- Translate threat intelligence, incident trends, fraud patterns, abuse reports, and security observations into testable hunt hypotheses.
- Perform deep analysis of logs, events, alerts, behavioral signals, and large-scale datasets.
- Identify suspicious patterns, outliers, trends, clusters, and deviations from expected behavior.
- Validate whether observed behavior represents benign activity, suspicious activity, abuse, fraud, or confirmed security risk.
Detection and Signal Development
- Develop new signals for detection, classification, anomaly identification, and investigation.
- Partner with engineering and security teams to convert hunt findings into production detections, alerts, dashboards, or automated mitigations.
- Improve existing detections by reducing noise, increasing fidelity, adding context, and identifying better behavioral indicators.
- Evaluate detection effectiveness and identify opportunities to improve coverage across threat types, attack stages, assets, products, or user populations.
Data Analysis and Security Metrics
- Use SQL, Python, and large-scale data platforms to analyze complex security and product telemetry.
- Build dashboards and metrics that help stakeholders understand threat activity, control effectiveness, detection coverage, and risk trends.
- Quantify the impact of suspicious activity, abuse patterns, security gaps, and mitigation opportunities.
- Identify data quality issues, logging gaps, missing context, and instrumentation needs.
Cross-Functional Partnership
- Collaborate with product, engineering, security, fraud, data science, data engineering, and incident response teams.
- Communicate findings clearly to both technical and non-technical audiences.
- Recommend practical mitigations based on customer impact, business impact, technical feasibility, and risk reduction.
- Drive findings from discovery to measurable improvement, including detection updates, product changes, logging improvements, or response playbooks.
Desired Skills and Background
We are looking for someone who is passionate about protecting users, products, platforms, and systems through proactive, data-driven security work.
A strong candidate will have:
- Experience in threat hunting, security analytics, fraud analysis, abuse detection, incident investigation, detection engineering, or adversary-focused data analysis.
- Strong analytical skills using SQL and large-scale data tools such as Presto, Spark SQL, BigQuery, Snowflake, Databricks, Python, or similar technologies.
- Experience analyzing authentication logs, application logs, API logs, network telemetry, endpoint data, cloud logs, device telemetry, or product behavior data.
- Experience developing signals for anomaly detection, classification, fraud detection, abuse prevention, or security monitoring.
- Familiarity with common fraud, abuse, and security threat types such as account compromise, credential attacks, automation, bot activity, scraping, platform misuse, phishing, malware, DDoS, insider risk, or unauthorized access.
- Ability to translate ambiguous security questions into structured analyses and actionable findings.
- Strong understanding of how attackers, fraudsters, or abusive actors adapt behavior to evade controls.
- Experience evaluating detection quality, including false positives, false negatives, coverage gaps, signal quality, and operational usefulness.
- Ability to identify data quality issues and recommend improvements to telemetry, logging, enrichment, or instrumentation.
- Strong written and verbal communication skills.
- Strong collaboration skills and the ability to influence across security, engineering, product, and data teams.
- Curiosity, skepticism, and comfort operating in ambiguous environments where the answer is not known in advance.
Preferred Qualifications
Preferred qualifications may include:
- Experience working in a high-scale technology, SaaS, consumer product, cloud, marketplace, financial, gaming, media, or platform environment.
- Experience with security frameworks, adversary behavior models, fraud taxonomies, or detection coverage mapping.
- Experience building or tuning detections in SIEM, data lake, cloud security, endpoint, identity, or custom detection platforms.
- Experience with statistical analysis, behavioral modeling, clustering, anomaly detection, or machine learning-assisted investigation.
- Experience partnering with incident response, trust and safety, fraud, product security, or abuse prevention teams.
- Experience building dashboards, executive reporting, or security posture metrics.
- Experience documenting repeatable hunt methods, playbooks, or investigation workflows.
Reference: 1060445
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. At Revel IT, we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the description, we encourage you to apply anyway. You might be the right candidate for this or our other open roles!
Revel IT is an Equal Opportunity Employer. Revel IT does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.
#gdr4900
Job ID:
1060445
Related Jobs
Apply Now
"*" indicates required fields