Senior Threat Hunter/Analyst - SOC
Hong Kong, Singapore, Poznan, Bucharest
Applications have closed
ExpressVPN
Responsibilities
As an individual contributor in our Security Operations Center, you'll have a broad list of responsibilities including the following (the mix will depend on your interests and skill level):
- Threat Hunting, to proactively detect, isolate, and neutralize threats:
- Research traffic on our networks, create baselines for expected norms and identify and investigate outliers. Provide your analysis and document your research.
- With your understanding of normal operations and your baseline for logging and events, hunt for anomalous events and pull the thread to determine if our systems were compromised or a compromise was attempted.
- Manage research related to threat hunting adversaries in our environments
- Participate in investigations related to threat hunting adversaries in our environments
- Monitoring:
- Monitor and analyze the output from many log sources including cloud services, on-premise network equipment, production platforms, and employee-provided devices, and recommend security actions per procedures where required
- Perform real-time monitoring and triaging of security alerts
- Incident Response:
- Act as the first point of contact (POC) for security incidents and anomalies
- Coordinate with other security and operations teams during incidents or investigations
- Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority accordingly
- React and respond to all real or perceived security and cyber-related incidents, threats and attacks within agreed times
- Determine and classify the severity of alerts and assess potential impact according to the classification defined in the knowledge base
- Stay on the bleeding edge by conducting research, consulting with colleagues and attending training to maintain awareness of trends in new security threats, technologies, and regulations
- Assist in IT security investigations, red team exercises and penetration tests as needed
- Understand and operate an effective Security Orchestration, Automation and Response (SOAR) platform
- Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
- Provide ideas and feedback to improve the overall SOC capabilities and maturity
- Find and analyze various threat intelligence feeds
- The position is on-call through an on-call schedule and PagerDuty.
Required Skills
Advanced understanding of:
- Concepts such as MITRE ATT&CK and the Cyber Kill Chain
- Monitoring non-traditional IT services such as SaaS and cloud services
Advanced knowledge of:
- SIEM solutions such as Sumo Logic, Splunk or Elastic SIEM
- Endpoint Detection and Response (EDR) solutions such as Carbon Black or Endgame
- Advanced analysis and triaging of security logs from Windows, Linux, ChromeOS, and macOS
- Malware analysis and investigation
- Implants, shells, Command and Control (C2) infrastructures
- TCP/IP Networking, packet capturing and analysis
- Network equipment such as Cisco, Palo Alto, and Juniper
Hiring process
When it comes to hiring processes, “rigorous” and “opaque” are often mistakenly conflated. For us, it’s always a mutual exchange, so we think it’s important that candidates have a clear understanding of the process and what we’re looking for. Learn more about the hiring process by visiting our careers page.
Benefits
Health and happiness go hand in hand, and we make every effort to support our team members in all facets of their lives—both inside and outside the office. Learn more about our employee benefits by visiting our careers page.
Before you apply
- At the moment, we do not sponsor visas in the UK and the EU. For Hong Kong, we require at least two years of working experience and a university degree in a related field. For Singapore, we can only sponsor visas for mid-career or above.
- Please upload your resume as a PDF and do not include any salary or compensation information in it.
ExpressVPN is one of the world’s leading providers of online privacy and security services for consumers. Started in 2009, we’ve grown to have millions of active paying customers, a team of more than 700 people worldwide, and a brand recognized by hundreds of millions of people in 18 languages and more than a hundred countries. We see huge growth in our industry, and are gaining market share through strong execution.
Tags: Automation Cloud Cyber Kill Chain EDR Incident response Linux MacOS Malware MITRE ATT&CK Monitoring Privacy Red team SaaS SIEM SOAR SOC Splunk TCP/IP Threat intelligence Windows
Perks/benefits: Health care Team events