Wayfinder Threat Hunting Intern

Our Purpose At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here. About Us SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters. Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity. What Are We Looking For? We’re looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes. As a Wayfinder Threat Hunting Intern, you will support senior threat hunters in delivering SentinelOne’s proactive threat hunting services across commercial and FedRAMP‑authorized environments. You’ll help research emerging threats, assist with building and testing hunt queries, and learn how we convert intelligence and hypotheses into high‑fidelity detections, Flash Reports, and client‑ready insights. What Will You Do? Primary responsibilities include: Assist with threat hunting and hunt content: Help senior hunters design and refine hypotheses‑driven hunts and reusable rules aligned with the MITRE ATTCK framework, with a strong emphasis on EDR telemetry across Windows, macOS, and Linux. Support execution of proactive hunts across endpoints and related telemetry to uncover living‑off‑the‑land techniques, stealthy persistence, and other advanced adversary behavior. Support emerging threat response and periodic hunts: Contribute to research on emerging threats (e.g., major zero‑days or KEVs), helping senior hunters map relevant TTPs and draft focused hunt logic and validation steps. Assist with preparing and running Emerging Threat and hypothesis‑based campaigns across client environments using various workflows. IOC lifecycle and Synapse operations: Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and, when appropriate, convert those into platform detections. Support efforts to identify coverage gaps and propose additions or exclusions based on hunt results and analyst feedback. Triage, analysis, and collaboration: Review batched hunt findings with related tools, assisting senior hunters with initial triage, enrichment, and classification (benign, suspicious, threat) under guidance. Partner with various supporting teams to share observations about hunts findings, potential tuning opportunities, and candidate rules for platform detections. Documentation, reporting, and enablement: Document investigative hypotheses, methodology, and findings within internal knowledge bases and project management platforms to ensure team-wide alignment and continuous improvement. Assist in drafting technical summaries and reports that detail notable threats, including scope, impact, and recommended mitigations, under the mentorship of senior analysts. H ... (truncated, view full listing at source)