The Senior Threat Hunting Analyst is part of the Information Security team and is primarily responsible for threat hunting across all environments, including both on-premise and cloud (Azure, AWS). The analyst will contribute to Security Operations and also perform Information Security Operations related tasks.
The role requires an in-depth understanding of Threat Hunting methodologies and Information Security practices.
The Senior Threat Hunting Analyst will be responsible for security monitoring, security event triage, and incident response in order to hunt for, assess, monitor, detect, respond to and remediate advanced threats. The analyst will also perform investigations to identify root cause, potential gaps, exploitation and other techniques used to bypass security controls, and to mitigate risks.
The Senior Threat Hunting Analyst will be the first point of contact for security incidents and anomalies.
Responsibilities include but are not limited to:
Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
Perform advanced threat hunting queries to identify unknown threats and new Indicators of Compromise (IOCs).
Liaise with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
Conduct host and network forensic analysis of systems to identify root cause, impact, and Indicators of Compromise (IOCs).
Conduct all-source collection and research; analyze, evaluate, and integrate data from multiple cyber threat intelligence sources.
Develop automation scripts/code to aid and introduce efficiencies in routine IR tasks.
Perform real-time triage on security alerts populated in a Security Information and Event Management (SIEM) system, web filtering, ATP, Azure Security Center or Prisma Cloud.
Monitor and analyze a variety of network, cloud, and host-based security appliance logs (firewalls, IPS, NAC, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
Independently follow procedures to contain, analyze, and eradicate malicious activity.
Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.
Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets and exceeds agreed industry-recognized frameworks and standards.
Assist with operational tickets, incident response, project activities and ad-hoc requests.
Interpret and summarize technical information for presentation to non-technical business contacts.
Position may require on-call and after-hours work.
3+ years of experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
1-2 years of scripting/programming experience preferred, e.g. Python, PowerShell, SQL, Java.
Direct hands-on experience with at least one EDR solution such as Carbon Black and MDE.
Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities.
Technical proficiency with the MITRE ATT&CK Framework and how it is used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
Understanding of frameworks such as NIST, RMF, ISO, etc.
Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
Experience with public cloud platforms (AWS, Azure).
Good understanding of SOC, cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
Understanding of possible attack activities such as network probing/scanning, DDoS, APT, malicious code activity, reverse engineering, malware analysis, etc.
Understanding of basic networking protocols such as TCP/IP, DNS, FTP, SSH, HTTP/S.
Previous exposure to or hands-on experience in using Prisma Cloud CSPM or CWPP for incident response related activities is preferred.
Knowledge of security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
Minimum of 2+ years of experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
Previous experience of working with law enforcement is a plus.
GCIH, GCFA, GCFE, GNFA along with CISSP or other similar security certifications is an asset.
Knowledge of current security trends, threats and mitigations.
Excellent oral and written communication skills; must be able to write and present with impact.
Previous experience of working in a Big4 is a plus.