Security Threat Hunter

Taguig, Philippines

Metrobank

Metrobank gives meaning to your financial journey with a broad range of products and services. Start your journey to meaningful banking now.


Job Summary:

Hunts for threats; proactively develops, tunes and implements threat detection analytics; and keeps current on the latest security landscape. Leverages threat intelligence to identify impacted systems and the scope of an attack. Assists in incident response activities and has in-depth knowledge of network and endpoint security, including malware analysis, reverse engineering and forensics.

The role works regular hours (6:30-14:30 or 9:30-17:30, depending on the team schedule) but has a required on-call component covering out-of-hours periods and weekends.


Specific Duties & Responsibilities:

  • Researches threat intelligence feeds to identify indicators of attack and compromise (IOAs/IOCs) for correlation against internal events.
  • Proactively searches for threats to identify, analyze and report on malicious or suspicious activities and trends that could indicate risk.
  • Recognizes potential, successful and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information.
  • Performs forensics, post-mortem analysis and root cause analysis.
  • Determines the extent of a compromise, the attributes of any malware involved, and what data may have been exfiltrated.
  • Performs malware analysis using comparative analysis and community knowledge.
  • Identifies and characterizes new and emerging threats, vulnerabilities and risks.
  • Recommends how to optimize security monitoring tools based on threat hunting discoveries.
  • Works closely with L1 and L2 analysts to get direct feedback about new or unknown suspicious behaviour and indicators.
  • Develops actionable intelligence to drive countermeasure development.
  • Develops, reviews and recommends improvements to use cases, playbooks and vulnerability management reporting.
  • Works with remediation teams (IT Infrastructure & Operations) on event and incident mitigation.
  • Follows up on remediation activities.
  • Performs other tasks that may be assigned by the SOC Manager.

Job Specifications:

  • A Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
  • At least 5 years of cybersecurity experience
  • Experience and keen understanding of cybersecurity incident discovery and event management, endpoint protection, threat intelligence, forensics and malware analysis, reverse engineering, and response solutions, including how specific applications and the underlying IT infrastructure function
  • Experience and keen understanding of security-relevant data, including network protocols, ports and common services: TCP/IP, application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP) and directory services such as Active Directory
  • Familiarity with tools for security data analytics and visualization, and for ethical hacking
  • Experience in developing and maintaining Play/Run-Books and/or Standard Operating Procedures in a SOC environment
  • Involvement in threat intelligence and cybersecurity communities.
  • Skills in sourcing, digesting and acting on threat intelligence feeds
  • Strong troubleshooting, reasoning, and analytical problem-solving skills
  • Ethical hacking skills a big plus but not essential
  • Relevant certifications include CEH, CISSP, CISA, GSEC, CHFI, GCIH, GREM, etc.
  • Task and deliverable management skills
  • Excellent English communication (both written and verbal) and presentation skills
  • People and project management skills
  • Conflict and problem resolution skills
  • Willingness to work overtime and adjust to reasonable demands from management in case of critical incidents being escalated to L3 for immediate handling


Tags: Active Directory Analytics CEH CHFI CISA CISSP Computer Science DNS Ethical hacking Forensics GCIH GREM GSEC Incident response IT infrastructure Malware Monitoring Reverse engineering SMTP SOC TCP/IP Threat detection Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: Asia/Pacific
Country: Philippines
Category: Threat Intel Jobs
