To apply send your resume to firstname.lastname@example.org with the position desired in the subject line.
As a team member in the SOC (Security Operations Center), the Threat Hunter will hunt for cyberattacks and threats on customer networks using log flows and threat feeds. Responsible for investigating and generating alerts using defined escalation paths and established processes to help customers mitigate threats.
This includes monitoring network traffic and security event data, conducting proactive threat research and analysis, performing forensic investigation into incidents, and assist with the development of incident response processes and procedures for overall Security Operations Center development.
- Monitor and analyze network traffic and security event data.
- Investigate intrusion attempts and perform in-depth analysis of exploits.
- Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
- Conduct proactive cyber threat and compromise research and analysis.
- Review security events that are populated in a Security Information and Event Management (SIEM) system.
- Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the corrective or mitigation actions and escalation paths for each incident.
- Independently follow procedures to document and report malicious activity.
- Document all activities during an incident and providing leadership with status updates during the life cycle of the incident.
- Create a final incident report detailing the events of the incident.
- Provide analysis regarding intrusion events, security incidents, and other threat indications and warning information from various outside agencies.
- Design and develop processes and procedures to improve incident response times, analysis of incidents, and overall process improvements and security infrastructure.
- Participate in the review of security implications of new applications.
- Contribute to the build of complete security solutions by integrating off-the-shelf and custom security tools through APIs and custom code.
- Understand how to properly implement complex security solutions (such as Firewalls, VPN, and IDS/IPS solutions).
- Foster and maintain good relationships with colleagues to meet expected customer service levels.
- Absorb and adapt to new technologies quickly, and help to implement new solutions seamlessly.
- Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards and technologies
- Be available, on-call, to rapidly troubleshoot any problems resulting from infrastructure changes, security breaches, or other unplanned/unforeseen circumstances
- Mentor and provide guidance to Tier 1 Threat Hunters.
- Responsible for actions of Tier 1 Threat Hunters on shift with you.
- Clear understanding of networking best practices and OSI model
- Full understanding of Security Kill Chain
- Currently holding two of the following certifications:
- CCNA Security
- In addition to above certifications, must also hold one of the following certifications:
- CCNP Security
- Able to work on a rotating shift schedule
- Experience working in Linux, Windows, and OSX environments
- Minimum 1 year working as a Tier 1 Threat Hunter or equivalent