Threat Hunter

With F-Secure in Singapore - SG

More jobs from F-Secure

Posted on November 27, 2019

About this job

Job type: Full-time
Experience level: Mid-Level
Role: System Administrator
Industry: Cybersecurity, IT Security, Security Software
Company size: 1k–5k people
Company type: Public

Technologies

ip, windows, linux, malware, c++, sysadmin

Job description

F-Secure Countercept is currently looking for someone with the right skills and interests to join our Threat Hunting team – areas of particular interest include threat hunting, digital forensics, attack detection and cyber defence. The successful candidate will work within the ‘MDR Business Unit of F-secure, with a group of established threat hunters, focused on carrying out, supporting and investigations of day to day incidents detected by the F-Secure Countercept Managed Detection and Response service for ourcustomers and performing research to continuously improve its capability. If any of the following resonates with you, this could be the role for you:

What we need…

  • Terms like “threat hunting”, “malware analysis”, “process injection”, “covert C2”, “EDR” and “APT” are your bread-and-butter.
  • You love nothing more than spotting the latest attacker techniques in the wild and using your experience to thwart and respond to the ever evolving threats they present to our clients.
  • You are both using and developing cutting edge tools to aid detection and response and are keen to keep up with the latest industry developments.
  • You will have real-world experience responding to attacks of all levels, from script kiddies to nation states, and relish sharing this experience and knowledge with the rest of the team and the industry at large.
  • You keep up with the latest industry developments, are an avid reader of things like /r/netsec and follow swathes of awesome researchers on twitter to get your security knowledge fix.

The Countercept platform is a dynamic and rapidly evolving product, which is heavily research led. The ideal candidate would be able to contribute to enhancing the capability of the service, whether through direct development, research activities or media opportunities.

The ideal candidate should also have solid experience in both offensive and defensive security areas, either penetration testing, incident response or ideally a mixture of both.

The role will also involve client facing functions, including investigative reporting, breach assistance and general client technical account management.

The candidate should be highly motivated, eager to learn and not afraid to get stuck-in, being able to work autonomously as well as part of a team is essential. The ability to effectively triage and prioritise rapidly evolving incidents, utilising a team of threat hunters and IR practitioners to support, is crucial.

The Countercept service monitors target networks 24/7, 365 however work is distributed between F-Secure's UK, Poland and Singapore offices. As such, hunters are expected to work on a rotational basis, including weekends but would not work night shifts.

Being research-led is a key part of how our service and capability develops. As such, you will be given at least 25% of your time dedicated towards research. This time can be spent on a wide range of activities that progress our capability and outputs such as blogs, white papers and conference talks are encouraged!

Main responsibilities include:

  • Proactively investigate host, network and log based security events
  • Manage events and triage from detection to resolution
  • Static/Dynamic Malware Analysis
  • Advanced Host, Network, and Memory Forensics
  • Support/mentoring of junior threat hunters
  • Liaise with clients and report potential findings from both a technical and business perspective
  • Perform research to develop the Countercept service

Who we think will be a great fit…

  • Strong knowledge of core IP networking and common protocols
  • Strong understanding of Windows and Linux internals
  • Hands on experience of network, memory and host forensics
  • Hands on experience of automated and manual malware analysis (static and dynamic)
  • Hands on experience investigating & responding to comprises by advanced attackers
  • Mixed skillset covering both offensive and defensive security
  • Proven coding experience with C++, C#, Ruby and similar
  • Proven scripting experience with Python/Powershell/Bash/WMI and similar
  • Experience with modern offensive techniques and APT TTP's.
  • Experience with common network traffic analysis platforms and/or SIEM solutions

Who we are…

F-Secure Countercept is a managed detection and response (MDR) service designed to counter Advanced Persistent Threats (APT) from state sponsored and sophisticated criminal groups; it detects and responds to compromise and attempted compromise across our clients’ IT estates.

Our philosophy is focused on changing the mindset of the industry, moving away from SOCs filled with alert-fatigued analysts waiting for their SIEM to flag yet another false-positive and moving towards offensively trained, proactive threat hunters, who understand the attacker mindset and can root out even the most sophisticated adversaries across both the network and the endpoint.

Apply here