Cyber Threat Investigator
Overview
Tata Consultancy Services (TCS) is seeking a Threat Hunter for a permanent, Lisbon-based role with hybrid work options. The position involves proactive threat hunting across endpoints, networks, and cloud workloads, with an emphasis on -driven investigations and collaboration with detection engineering and incident response teams. The role includes a fixed work schedule (9:00 AM to 6:00 PM) and a permanent contract.
Responsibilities
- Experience and Specialization: Minimum of 4 years in threat hunting, Digital Forensics & Incident Response (DFIR), or blue team roles, with specific hands-on experience in threat hunting initiatives preferred.
- Tool Proficiency: Operational expertise with leading EDR and threat hunting platforms such as CrowdStrike, Microsoft Defender for Endpoint, or similar solutions that support -driven investigations and advanced threat detection.
- Threat Behavior Frameworks: Deep familiarity with adversary behavior modeling using MITRE ATT&CK, along with experience in crafting detections or hypotheses using frameworks like Sigma and behavioral analytics approaches.
- Log Analysis and Scripting Capabilities: Strong analytical skills in handling large datasets using tools like KQL, SQL, and regular expressions. Ability to write custom queries or scripts to parse, filter, and correlate -source telemetry during hunts.
- Adversary Simulation and Collaboration: Understanding of purple teaming concepts and familiarity with adversary emulation tools (e.g., CALDERA, Atomic Red Team) is a plus, enabling collaboration with detection engineering and red teams to validate and improve threat visibility.
- Design and Execute Hypothesis-Based Hunts: Proactively conduct targeted threat hunts by forming and testing hypotheses derived from emerging threat scenarios, internal risk factors, and environmental baselines—spanning across endpoints, network traffic, and cloud workloads.
- Operationalize Threat Intelligence: Analyze threat intelligence reports to identify and track adversary tactics, techniques, and procedures (TTPs). Use this intelligence to focus hunts on relevant threat actor behaviours and active campaigns likely to target the organization.
- Cross-Source Data Correlation: Aggregate and correlate telemetry from multiple platforms such as EDR, SIEM, DNS logs, web proxy data, and identity providers to uncover anomalous behaviours, hidden threats, or lateral movement that evades traditional detection.
- Detection Development Collaboration: Document hunting findings with contextual evidence and actionable conclusions. Work closely with detection engineering and incident response teams to transform successful hunting outcomes into new detection rules, behavioural logic, and automated playbooks.
- Enhance Visibility and Coverage: Continuously evaluate the organization’s detection surface by identifying telemetry gaps or blind spots. Recommend improvements in logging, data collection, and sensor placement to ensure comprehensive visibility and threat coverage across the enterprise.
- Good behavioral and communication skills.
- Workplace: Lisbon + hybrid work
- Work Schedule: 9AM to 6PM
- Permanent contract
- Pay and benefits - Competitive salary and a flexible compensation plan adapted to your needs (Ticket restaurant plan + Health Insurance).
- Opportunity knocks - Being a part of a growing company, we want to support your path with a career development plan and annual -based compensation reviews.
- Learn as you grow - Starting with a fantastic onboarding program, TCS has robust learning platforms that will allow you to learn and grow personally as well as professionally.
- Bring your buddy - If you refer a friend for an open position under the BYB Scheme and they are hired you’ll receive an attractive cash award.
- Connect globally - Work with people from all over the world and feel the multicultural workforce.
- And so on - Appreciations, incentives, team building activities, diversity and inclusion programs, sustainability activities, corporate events; this has only just begun.
Tata Consultancy Services (TCS) is an information technology company founded in 1968, and part of the Tata Group. It has a presence in 55 countries and over 600,000 employees. TCS is recognized as the #1 Employer in Europe by the Top Employers Institute.
In our portfolio we provide information technology services, -based solutions, global consulting, engineering and industrial services, digital solutions and services, application maintenance and development, quality assurance and testing services, IT infrastructure, and BPS.
We stand out for our experience, reliability, passion, confidence, creativity and skills.
Seniority level
- Mid-Senior level
Employment type
- Full-time
Job function
- Information Technology
Industries
- IT Services and IT Consulting
- Detailed information about the job offer
Company: Tata Consultancy Services Location: Lisbon
Lisbon, Lisbon, Portugal Published: 5.11.2025