Job Description
Job details
Identifying (hunting) and profiling threat actors and their Tactics, Techniques and Procedures (TTPs):
  - Conducting proactive threat hunting to identify potential security threats and vulnerabilities in the organization's systems and networks.
  - User behavior analytics, threat modeling, network and EDR hunting, hunting through the MITRE framework, hunting through threat intelligence, hunting via brand intelligence services, blind hunt analogy, hunt pivoting, hunting by orchestration.
  - Malware analysis and reverse engineering.
  - Strong understanding of common attack vectors and offensive tools.
  - Security incident response.
  - Log analysis (statistical modeling, correlation, pattern recognition, etc.).
Developing and maintaining threat intelligence sources and monitoring emerging threats to ensure the organization stays ahead of potential risks.
Analyzing security logs and other data sources to detect security incidents, including malware infections, phishing attacks, and other forms of cyber threats.
Conducting incident investigations to identify the scope, impact, and root cause of security incidents and breaches.
Experience with the Indicator of Compromise (IoC) lifecycle.
Ability to develop small automation scripts and makeshift tools (e.g. Python, PowerShell).
Design and run custom analysis models on (centralized) security event information to discover active threats, including collaboration on the development of use cases when appropriate.
Developing and implementing strategies and technologies to detect and prevent future security threats.
Collaborating with other members of the security team to improve the organization’s overall security posture.
Good understanding of enterprise architectures and large IT environment operations.
Conducting regular security assessments and audits to identify and address vulnerabilities and compliance gaps.
Provide mentorship and support to teammates with regard to threat intelligence collection, communication and rapport with other business units and various levels of leadership, technical expertise, and career development.
Change Management/Implementation: Independently implement changes to meet customer infrastructure needs within area of technical responsibility.
Patch and Security Management: Apply patch and security changes per policy.
Configuration Management: Ensure Configuration Management Database (CMDB) entries are complete and accurate.
Quality: Provide continual improvement recommendations for direct responsibility area (process improvement, technical standard updates, etc.).
Project Management: Participate in customer and internal projects, including transformation.
Customer Relationship Management: Set expectations with customers and/or internal businesses/end users within defined parameters.
Teamwork: Work as part of a team, which may be virtual and/or global, and maintain good relationships with team members and customers.