Threat Hunting Intern

About Our Internship Program Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands. What We Offer • Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets • Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises • Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters • Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one The Role You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations. As a Threat Hunting Intern, you’ll: • Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process • Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses • Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress • Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly • Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers • Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity • Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns • Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters • Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts • Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities Qualifications • Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work • Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community • Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place • Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation • Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage • Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level • Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners • Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work • Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early • Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need Program Details Duration: 12 weeks Location: Remote Reports to: Senior Threat Hunter