[Hiring] Wayfinder Threat Hunting Intern @SentinelOne

Role Description

As a Wayfinder Threat Hunting Intern, you will support senior threat hunters in delivering SentinelOne’s proactive threat hunting services across commercial and FedRAMP‑authorized environments. You’ll help research emerging threats, assist with building and testing hunt queries, and learn how we convert intelligence and hypotheses into high‑fidelity detections, Flash Reports, and client‑ready insights.

What Will You Do?

• Assist with threat hunting and hunt content:
  • Help senior hunters design and refine hypotheses‑driven hunts and reusable rules aligned with the MITRE ATT&CK framework, with a strong emphasis on EDR telemetry across Windows, macOS, and Linux.
  • Support execution of proactive hunts across endpoints and related telemetry to uncover living‑off‑the‑land techniques, stealthy persistence, and other advanced adversary behavior.
• Support emerging threat response and periodic hunts:
  • Contribute to research on emerging threats (e.g., major zero‑days or KEVs), helping senior hunters map relevant TTPs and draft focused hunt logic and validation steps.
  • Assist with preparing and running Emerging Threat and hypothesis‑based campaigns across client environments using various workflows.
• IOC lifecycle and Synapse operations:
  • Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and, when appropriate, convert those into platform detections.
  • Support efforts to identify coverage gaps and propose additions or exclusions based on hunt results and analyst feedback.
• Triage, analysis, and collaboration:
  • Review batched hunt findings with related tools, assisting senior hunters with initial triage, enrichment, and classification (benign, suspicious, threat) under guidance.
  • Partner with various supporting teams to share observations about hunts findings, potential tuning opportunities, and candidate rules for platform detections.
• Documentation, reporting, and enablement:
  • Document investigative hypotheses, methodology, and findings within internal knowledge bases and project management platforms to ensure team-wide alignment and continuous improvement.
  • Assist in drafting technical summaries and reports that detail notable threats, including scope, impact, and recommended mitigations, under the mentorship of senior analysts.
  • Help maintain and update team playbooks and standard operating procedures (SOPs) to reflect new findings and streamlined workflows.

Qualifications

• Strong written and verbal communication skills, with the ability to clearly document analysis, summarize findings, and collaborate with distributed teams across MDR, IRR, Detection Engineering, and Threat Intelligence.
• Progress toward a degree in Computer Science, Cybersecurity, Information Security, or a related technical field, or equivalent practical experience.
• Foundational experience with security operations concepts, such as familiarity with EDR/XDR or SIEM tooling, basic SOC workflows, or prior lab/internship experience in threat hunting, incident response, or security analysis.
• Comfort working with EDR‑style telemetry (process, file, network, and persistence data) and an interest in learning how to turn that telemetry into effective hunts and detections.
• Basic proficiency with at least one scripting or query language (such as Python, PowerShell, Bash, SQL, or a log query language), and an interest in using code and queries to test hypotheses and analyze large datasets.
• Exposure to MITRE ATT&CK or similar frameworks, and curiosity about adversary TTPs, campaign tracking, and how CTI (threat intelligence) is operationalized into hunts.
• A growth mindset, strong attention to detail, and a willingness to work within structured processes (including FedRAMP‑aligned procedures) while still thinking creatively about new hunt ideas and improvements.

Benefits

• 1:1 mentorship
• The opportunity to expand your knowledge and work on challenging projects
• Training and Development opportunities
• Connections to other recent grads, and employees across the company
• Leadership speaker series where you can learn about other areas of the business and ask questions to the senior leadership team and industry experts
• Fun events!

Company Description

SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed.