We are hiring a Senior Threat Hunting Specialist who combines deep threat-hunting expertise with practical purple-team simulation skills to support an AI-driven detection program. The ideal candidate understands attacker TTPs in depth, can design hypothesis-driven hunts from telemetry, and can script concise attack simulations to generate realistic logs and telemetry in a test environment for validating detections. This role focuses on attacker thinking, preparing and conducting simulations, threat detection SIEM query design and SOC detection validation. Moreover, this role will contribute to features design for ML-driven detection capabilities.

As a senior Threat Hunting Specialist, your responsibilities will include:

• Perform hypothesis-driven threat hunting projects and translate attacker TTPs into measurable telemetry signals (IOAs/IOCs) suitable for ML feature design.
• Collaborate with ML engineers and data scientists to define, propose, and validate candidate features.
• Specify feature engineering transformations, labeling rules, sampling strategies, and evaluation metrics; support feature importance and explainability analysis.
• Create hypothesis-driven detection reports and dashboards from telemetry sources and perform threat hunting investigations using the insights surfaced by those reports.
• Design and execute controlled red-team style simulations (scripted PoCs) in test environments to create labeled datasets for training and validation; ensure simulations are realistic, diverse, and safely scoped.
• Track emerging threats, map them to MITRE ATT&CK, and propose new simulation scenarios and detection features as adversaries evolve.

Requirements (Must - have):

• 5+ years’ experience in threat hunting, SOC/IR, Blue\Red\Purple team experince, or related security roles with demonstrable hunting casework.
• Strong understanding of attacker techniques and the ability to decompose attack chains (MITRE ATT&CK fluency).
• Proven ability to propose hunting hypotheses and identify relevant telemetry fields/signals.
• Experience collaborating with ML or data science teams to define feature requirements, labeling strategies, and validation criteria.
• Proficient with ClickHouse and PostgreSQL, and able to produce clear, high-quality security analysis reports based on telemetry and hunting findings.
• Practical scripting ability for attack simulation and PoC generation (Python required; PowerShell/Bash/other scripting as applicable). Note: production engineering and model training are handled by the team.
• Familiarity with common hunting/detection platforms and telemetry sources (SIEM, EDR/XDR, network and cloud logs, container telemetry).
• Strong analytical reasoning, incident investigation mindset, and excellent written/verbal communication skills.

Bonus/Preferred

• Industry certifications: GIAC GCFA, GCTI, OSCP/OSCE.
• Hands-on red team / adversary emulation experience beyond simple PoCs.
• Familiarity with SOAR products and concepts.
• Familiarity with ML concepts and validation metrics.
• Familiarity with Fortinet product telemetry and tooling — e.g., FortiAnalyzer and FortiSIEM for aggregated and correlation logs, FortiGate traffic/event logs, and FortiEDR endpoint telemetry. Able to map Fortinet event fields to hunting features and to explain which Fortinet logs provide the signals needed for specific TTPs.

About Our Team:

Join our team, known for its collaborative ethos, working seamlessly with global customers, internal engineering teams and product development groups. Our team culture emphasizes continuous learning, innovation, and a strong commitment to customer satisfaction. We embrace Fortinet’s core values of openness, teamwork and innovation, fostering an environment where team members support each other, share knowledge, and leverage AI to solve complex technical challenges. Our inclusive and dynamic team thrives on collaboration and is driven by the shared goal of maintaining Fortinet’s high standards of excellence in cybersecurity solutions.

Why Join Us:

We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being. Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.

The Canada base salary range for this full-time position is expected to be between $101,600 - $124,200 annually. Wage ranges are based on various factors including the labour market, job type, and job level. Exact salary offers will be determined by factors such as the candidate’s subject knowledge, skill level, qualifications, and experience.

Fortinet strives to provide you and your family with a comprehensive benefits package. Benefits eligibility starts on your first day of hire and comprises of 100% company paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most. Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services like counseling, legal advice, mental health resources etc. We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement. We offer competitive Paid Time Off and flexible leave policies, including paid health days, to help you take care of yourself and your family members.

All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.

---

We are hiring a Senior Threat Hunting Specialist who combines deep threat-hunting expertise with practical purple-team simulation skills to support an AI-driven detection program. The ideal candidate understands attacker TTPs in depth, can design hypothesis-driven hunts from telemetry, and can script concise attack simulations to generate realistic logs and telemetry in a test environment for validating detections. This role focuses on attacker thinking, preparing and conducting simulations, threat detection SIEM query design and SOC detection validation. Moreover, this role will contribute to features design for ML-driven detection capabilities.