Cyber Security Engineer (Threat Hunter)
With Hays in Atlanta GA USMore jobs from Hays
Posted on April 03, 2019
About this job
Job type: Full-time
Role: System Administrator
security, r, sysadmin
- The Cyber Security Engineer “Threat Hunter” will be a key member of the Cyber Security Threat Management Center (TMC) responsible for participating in threat actor based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions.
- The focus of the Threat Hunter is to detect, disrupt and the eradication of threat actors from enterprise networks.
- To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
SUMMARY OF THIS ROLE:
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Participate in "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect an eradicate threat actors on the enterprise network.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Perform analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient TMC operations
- Document best practices with the TMC staff using available collaboration tools and workspaces.
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- A passion for research, and uncovering the unknown about internet threats and threat actors
- 6+ years overall IT Infrastructure experience
- 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc)
Experience with one of more of the following topics:
- Malware analysis
- APT/crimeware ecosystems
- Exploit kits
- Cyber Threat intelligence
- Software vulnerabilities & exploitation
- Data analysis
- Dark web intelligence
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building.
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack & network technologies
- Knowledge of Splunk searching, in addition to putting together structured and unstructured data sources for forensic analysis and trending
- Nominal understanding of regular expression and at least one common scripting language (PERL, Python, Powershell).
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills
- Strong verbal and written skills
- Excellent interpersonal skills