
Your Next Move: Threat Hunter

January 3, 2025

This article is part of an IT Career News series called Your Next Move. These articles take an inside look at the roles related to CompTIA certifications. Each article will include the role's responsibilities, qualifications, related job titles, and salary range. As you consider your next IT career move, check back with CompTIA to learn more about your job prospects and how to get there.

Threat hunters are IT professionals who proactively find and mitigate cybersecurity threats before they compromise an organization. Threat hunting is a newer extension of the cybersecurity analyst job role, intended to neutralize advanced threats that might evade the security operations center (SOC). If you like to search for new threats and stop cybercriminals in their tracks before they attack, then threat hunter may be the right cybersecurity job for you.

What is a threat hunter?

Threat hunters identify advanced threats and then track and mitigate them before organizational IT systems are attacked. Advanced threats may constitute up to 10% of cyber threats, and not all advanced threats are detected solely with SOC solutions. Threat hunters are needed for that very purpose.

A threat hunter continuously detects, analyzes, and combats advanced threats. The job role includes detecting vulnerabilities and mitigating the associated cybersecurity risk before it affects the organization.

A threat hunter might be tasked with the following:

  • Search for cyber threats and risks hiding inside the data before attacks occur
  • Gather as much information on threat behavior, goals, and methods as possible
  • Organize and analyze the collected data to determine trends in the security environment of the organization
  • Make predictions for the future and eliminate the current vulnerabilities

Threat hunters are usually found in large enterprise organizations with over 1,000 employees. They do not work on known cyber threats. Instead, they find new threats and coordinate with the SOC team and cybersecurity manager to ensure incident response and mitigation.

For small- to medium-sized businesses, threat hunter services are usually performed by managed service providers (MSPs) that may subscribe to threat feeds or join Information Sharing and Analysis Organizations (ISAOs) for threat intelligence. MSPs may have a threat hunter on staff to serve dozens of these organizations or expect their cybersecurity analysts to perform the threat hunter job role. 

Why are threat hunters important?

Predicting the next cyberattack is difficult because advanced threats have no defined indicators—we don’t know what to look for. The only way to defend the organization is to apply newer threat hunter and security analysis techniques to find threats before they find you.

Threat actors often use valid credentials for these attacks, which may be obtained through social engineering techniques. The Splunk and Johns Hopkins Applied Physics Laboratory case study demonstrates how to “get ahead” of an adversary using threat-hunting tactics and provides excellent insight into the threat-hunter job role.

In an ideal world, vulnerabilities would be identified by threat hunters and cybersecurity analysts inside the organization, not by outsiders. These vulnerabilities can be addressed before they lead to a real security incident.

How to become a threat hunter

Most companies hiring a threat hunter are looking for someone with a cybersecurity analyst background and possibly a bachelor’s degree in computer science, cybersecurity, programming, or a related field.

Many threat hunters previously worked as security analysts. Certifications like CompTIA Cybersecurity Analyst (CySA+) prove you have the skills to be a threat hunter or security analyst. Check out the CompTIA Career Roadmap to see what other certifications can help you become a threat hunter.

The details

Job titles related to threat hunter

Will your next move be threat hunter? If so, check out CompTIA Cybersecurity Analyst (CySA+) to get the skills to get you there.