Threat Hunter Lead
Take a central role
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.
Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.
With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada
Find out more about the next steps in our Recruitment process.
Threat Hunter Lead
Reporting to the Assistant Director, Cyber Security Operations, you will join a highly impactful Cyber Security team with the mission to keep Canada’s economy safe and secure. In this senior technical role, you will lead threat hunting activities, including log and network traffic analysis, malware behaviour and reverse engineering analysis, and understanding threat Tactics, Techniques and Procedures (TTPs) and how they apply. You will have the autonomy to make decisions and recommendations, utilizing state-of-the-art Enterprise Cyber Security Solutions and continuously learning as technology and threats evolve.
Key Responsibilities:
- Develop and maintain the Bank’s threat hunting program, including frameworks, methodologies, and reporting.
- Align hunting activities with the Bank’s threat profile, cyber crown jewels, and risk scenarios to ensure relevance and impact.
- Define and track program KPIs (e.g., dwell time reduction, hypothesis validation, detection coverage) to measure effectiveness and drive continuous improvement.
- Actively conduct threat hunts to search for threats by analyzing network traffic, logs, and other data sources to identify potential security risks and investigate suspicious activities within the systems and networks
- Develop and test hypotheses regarding potential threats based on emerging trends, threat models you develop, or known tactics, techniques and procedures
- Provide coaching, mentoring, technological expertise, and influence threat detection priorities based on threat intelligence and research
- Engage in ongoing learning about new threats, tools, and techniques to enhance threat hunting capabilities
- Collaborating with Incident response teams to investigate and remediate threats
- Assist in the testing and validation of detection techniques and methods, providing feedback on their effectiveness and suggesting improvements to enhance accuracy and reduce false positives.
- Produce actionable, clear and concise, threat-based reports on hunting or security testing results and remediation options
- Provide advisory and consultation services to senior management and perform as a cyber security SME for emerging threats and investigations
- Innovate and create novel solutions including User Behavior Analytics (UBA) models by leveraging Data Science and Machine Learning (ML)
- Establish and maintain collaborative relationships with external partners and vendors to exchange best practices, support operational objectives, and enhance organizational capabilities through shared insights and continuous improvement
What You Need to Succeed:
The successful candidate will require excellent written and verbal communication skills to effectively convey findings to both technical and non-technical stakeholders, and work effectively within teams to share insights and strategies. They’ll also need excellent problem-solving abilities with a keen attention to detail; particularly with data analytics to recognize patterns and anomalies in large datasets. In addition, you will require:
- Strong understanding and/or experience in offensive security capabilities and threat actor objectives, including familiarity with the MITRE ATT&CK Framework, cyber threat intelligence, threat hunting, risk assessment, and/or penetration testing
- Hands-on experience in malware analysis, reverse engineering, and conducting security research.
- Experience with Splunk as a SIEM tool and the creation of custom security analytics (use cases), endpoint detection and response (EDR) tools and experience in analyzing endpoint logs to detect suspicious activity.
- Knowledge of Windows operating system security, including logging and telemetry sources and familiarity with network and operating system security and network security technologies
- Understanding of cyber kill chain and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST SP 800-53)
- Knowledge of current regional and global threat landscape
Nice-to-Have Skills:
- Recent experience leading a team of Cyber Security Analysts/Developers
- Prior experience conducting blue/purple team exercises or penetration testing
- Experience in Incident Response or leading incident response
- Cloud knowledge and expertise of leading cloud providers (AWS, GCP, Azure)
- Programming and scripting languages skills such as C++/C#/JavaScript/Python/Bash/PowerShell
- Hands-on experience working with LLM and RAG technologies
- Relevant cyber security industry certifications such as CISSP, OSCP, CEH, etc.
Education and Experience:
A university degree/diploma in computer science, Information Technology, Cyber security, or other relevant field along with 7+ years of experience within information security, or an equivalent combination of education and experience may be considered
Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve second their language proficiency for future career growth and to contribute towards fostering a bilingual environment.
What you need to know
- Priority will be given to Canadian citizens and permanent residents
- Security level required: Be eligible to obtain Secret
- Relocation assistance may be provided, if required
- Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank`s hybrid work model, and they are expected on site at the Bank location a minimum of eight days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.
LI-Remote
What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider.
- Salaries are based on qualifications and experience and typically range from $124,279 to $146,211 (job grade 18)
- The Bank offers an incentive for successfully meeting expectations at 7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
- Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
- Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
- Indexed, defined-benefit pension
We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.
