How does a Threat Hunter primarily differ from a Tier 1 Analyst in operational focus?

Answer

Focusing on anomalous behavior assuming an adversary has already bypassed defenses

While a Tier 1 analyst waits for a system to flag activity and focuses on known IOCs, the Threat Hunter operates under the assumption that an adversary has already bypassed defenses, requiring them to search for hidden threats utilizing hypotheses and focusing on anomalous behavior.

How does a Threat Hunter primarily differ from a Tier 1 Analyst in operational focus?
careerRolesecurityoperationcyber defense