Lead Threat Hunter (Global Security)

What is the Opportunity?

Do you enjoy cyber security research and innovation, proactive thinking and problem solving, in a challenging and adaptive environment while consistently thinking outside of the box? If so, this opportunity is right for you!

RBC’s Threat Hunting team is responsible for the proactive identification and detection of sophisticated threat actors and insider threats that might pose a risk to the organization and employees. We are a team of experienced and enthusiastic security experts, researchers, and innovators that are passionate about solving complex cyber security problems, developing novel solutions, and building prototypes in areas where security vendors are one step behind. We engineer tailor-made detections that will reduce risk to our organization, employees, and clients.

We’re looking for an experienced Lead Threat Hunter to fill a top seniority technical role on the team, who is constantly thinking outside the box, ready to dive deep into the smallest details, is passionate about cybersecurity and has a natural detective sense. The right candidate has experience in both offensive and defensive operations and enjoys innovation and security research.

• Create detection engineering solutions to proactively identify and mitigate sophisticated threat actors (APTs/UNCs) and insider threats

• Analyze, research and reverse engineer Tactics Techniques and Procedures (TTPs) and malware samples to create detections based on industry leading frameworks such as MITRE ATT&CK

• Develop, plan, lead and participate in Purple Team Exercises focusing on and discovering and mitigating emerging threats

• Innovate and create novel solutions including User Behavior Analytics (UBA) models by leveraging Data Science and Machine Learning (ML), bringing cybersecurity and data science closer

• Collaborate and foster relationships with multiple teams including Adversary Emulation (Red Team), Data Science, Threat Intelligence, Security Operation Centre (SOC) and Digital Forensics and Incident Response (DFIR) to drive pragmatic cyber security improvement

• Work closely with our dedicated Development team to create and enhance our threat hunting in-house developed products

• Develop, implement, and refine our defensive tradecraft and tooling

• Provide bespoke advisory and consultation services to senior executive management and perform as a cyber security SME for emerging threats and investigations

• Work and utilize vast data sources, data lakes and security vendor solutions

• In conjunction with other members of the Global Security group, you would ensure the ongoing enhancement of the threat hunting methodologies and overall strategy to detect and alert of cyber threats

• 5+ years of Cyber Security operations experience preferably comprised of both defensive and offensive roles

• Familiarization with the cyber security Kill Chain phases and MITRE ATT&CK framework TTPs

• Knowledge of offensive security tools, techniques, procedures and security domains focusing on operational security

• Solid grasp of cyber security controls/products including both endpoint, network, application, and infrastructure

• Knowledge of current regional and global threat landscape

• Strong knowledge of Python

• Hands-on experience in malware analysis, reverse engineering, and security research

• Prior experience conducting blue/purple team exercises or penetration testing

• Digital Forensics skills including memory/network/OS/disk forensics

• Defensive oriented certification such as GIAC GREM, GCFA or other reputable, technical, and defensive/offensive focused certification

• Cloud knowledge and expertise of leading cloud providers (AWS, GCP, Azure)

• Programming languages such as C++/C#/JavaScript/Assembly

• Hands-on experience working with LLM and RAG technologies

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable

• Leaders who support your development through coaching and managing opportunities

• Ability to make a difference and lasting impact

• Work in a dynamic, collaborative, progressive, and high-performing team

• Flexible work/life balance options

• Opportunities to do challenging work

• Opportunities to take on progressively greater accountabilities

• Opportunities to building close relationships with clients

Note: LI-POST, TECHPJ

Address: 330 FRONT ST W TORONTO

City: Toronto

Country: Canada

Work hours/week: 37.5

Employment Type: Full time

Platform: TECHNOLOGY AND OPERATIONS

Job Type: Regular

Pay Type: Salaried

Posted Date: 2025-06-11

Application Deadline: 2025-10-10

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.