Desired Skills and Experience
- Hunt for and identify threat actor groups and their techniques, tools, and processes
- Participate in hunt missions that use threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threat actors
- Maintain current knowledge of tools and best practices relating to advanced persistent threats and the Tactics, Techniques, and Procedures (TTPs) of attackers
- Develop threat hunting dashboards and reports to identify potential threats, suspicious or anomalous activity, and malware
- Identify malicious or anomalous activity based on event data from firewalls, WAF, IPS, HIPS, anti-virus, and other sources
- Perform deep dive analysis by correlating data from various sources
- Provide expert analytic and investigative support for critical Incident Response security incidents
- Act as an escalation point for the Incident Response SOC on critical security events
- This position requires the ability to work in shift schedules and on-call rotation
- Bachelor's degree in Computer Science, Information Systems, or a related technical field preferred
- Minimum of 4-6 years of experience in Information Security Incident Response and Cyber Threat Hunting
- Proven track record of successful innovative hunts that are completed in a timely manner
- Thorough understanding of how to detect lateral movement within a network, and the ability to think outside the box to discover the signal within the noise
- Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
- Proven success working across organizational and geographic boundaries
- Familiarity with security tools: Palo Alto IPS, Cylance, Symantec
- Experience in performing malware analysis
- Experience using the Carbon Black process tree for threat hunting
- Experience using the Splunk SIEM effectively to triage events, including Splunk search capabilities
- Strong background within Incident Response & Threat Hunting including IOC (Indicators of Compromise) & TTP (Tactics, Techniques & Procedures)
- Strong knowledge of TCP/IP, cryptographic protocols and algorithms, and operating system (macOS/Linux/Windows) internals and operations
- Deep understanding of common attack vectors: DDoS attacks, phishing, web attacks, and malware
- Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
- Experience in user behavior analytics tools and investigation