Threat Hunting Intern

100% Remote Full-time Open now
About Our Internship Program

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

What We Offer

• Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets

• Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises

• Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters

• Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

The Role

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.

As a Threat Hunting Intern, you’ll:

• Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process

• Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses

• Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress

• Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly

• Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers

• Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity

• Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns

• Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters

• Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts

• Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

Qualifications

• Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work

• Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community

• Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place

• Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation

• Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage

• Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level

• Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners

• Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work

• Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early

• Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Program Details

Duration: 12 weeks

Location: Remote

Reports to: Senior Threat Hunter
