Senior Threat Hunter
Technology is at the heart of driving Admiral’s business.
About Admiral Tech
With a history of innovation, UK financial services leader Admiral Group continues to expand our world-class Tech department in Canada.
From Cloud through to DevOps, our technology department comprises over 600 people and is an exciting and fast-paced environment. If you’re looking for a technically challenging and rewarding role with outstanding support and opportunities for progression, you’ve come to the right place.
About Admiral Canada
One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.
In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ over 400 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.
In 2022, we launched our Cyber Security team in Canada, providing wrap-around global support to our business. With the industry’s forward momentum and a vibrant, homegrown talent pool of up-and-coming professionals, we’ve quickly become a formidable tech option within Admiral Group.
About the Job – Senior Threat Hunter
The Security Operations Centre (SOC) is part of Admiral Group’s Security Operations function. The SOC is seeking an experienced Threat Hunter to join its team in Canada. The Senior Threat Hunter will focus on developing and enhancing threat hunts across the Admiral estate. These threat hunts are categorized into three primary types: Intelligence (Structured), Entity, and Data (Unstructured). The Senior Threat Hunter will ensure that playbook threat hunts are updated in response to the evolving tactics, techniques, and procedures (TTPs) of threat actors.
Additionally, the Senior Threat Hunter will review analytical investigation techniques and introduce new methods to the team. They will serve as a point of escalation for other Threat Hunters in the department.
To succeed in this role, candidates must collaborate across the business to collect, synthesize, and communicate relevant outputs. Therefore, the ideal candidate should possess a diverse skill set acquired from varied work experiences while working within a team to maintain pace and relevance in a rapidly changing external landscape.
Responsibilities
Analyse threat actor tactics, techniques, and procedures (TTPs) to build hypotheses and hunting campaigns using available data sources.
Conduct threat hunts within Admiral, collect results, and implement necessary actions.
Review and maintain existing threat hunts.
Develop innovative techniques to enhance existing detection logic.
Consume and prioritize a wide range of intelligence reports from the Threat Intelligence team regarding the threat landscape and credible adversarial TTPs.
Liaise with other business functions, such as Threat Emulation, to understand their operations and conduct threat hunts for anomalous behaviour.
Collaborate with the broader team and share knowledge for ongoing improvements.
Essential Skills and Experience Required
Minimum of 4 years’ experience in cybersecurity, with expertise in a threat hunting role.
Working understanding of structured and unstructured threat hunting.
Proficiency in intelligence-driven and entity-based threat hunting techniques.
Ability to analyse and map intelligence to offensive TTPs and indicators of attack (IOA), building hypotheses and efficient hunt queries across data platforms (SIEM/EDR, etc.).
Strong attention to detail and excellent problem-solving skills.
Ability to perform statistical and behavioural analysis to detect anomalies in large datasets.
Working knowledge of Python scripting.
Understanding of the cyber threat landscape within financial services, including threat actors, attack paths, tactics, techniques, and procedures, along with effective countermeasures in a financial services environment.
Proven analytical, report-writing, and verbal briefing abilities.
Ability to approach challenges independently, work as part of a team, and be responsive to feedback.
Desirable Skills
Experience in developing and debugging Indicators of Attack (IOA).
Experience in Python scripting for data analytics and visualization (e.g., Jupyter Notebook, NumPy, Pandas, etc.).
Salary, Benefits and Work-Life Balance
We believe in offering a competitive salary and remuneration package that reflects the experience and qualifications of the successful candidate. We welcome CVs from all candidates who meet the requirements, and we are happy to discuss the details of the compensation package.
Admiral takes pride in being a diverse business that prioritises its people and customers. We offer great benefits to ensure our employees have an exceptional work-life balance, which is a key reason why we consistently rank as one of Canada’s and the world’s best workplaces. You will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.
All colleagues at Admiral are entitled to 34 days of paid time off annually, which includes statutory holidays. As you continue your service with us, the amount of paid time off will increase, up to a maximum of 39 days, including statutory holidays. We believe in providing ample time for rest and rejuvenation.
Our Commitment to You
Admiral is committed to fostering a diverse and inclusive workplace. We are proud to be an equal opportunities employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, ability, age, family status, or any other legally protected status. We believe that all qualified applicants should receive equal consideration for employment.