Perform intelligence led proactive threat hunts across the organization, utilising a range of tooling available, and focusing hunts on relevant behavioural tactics, techniques, and procedures (TTPs) identified as potential threats to the organization.
Contribute to detection engineering initiatives by identifying opportunities for, and implementation of new detections as an output of threat hunts completed.
Support other functions within security operations by responding to hunt requests and by applying expertise in advanced actors and TTPs for ongoing incidents, working closely with our incident responders.
Research new attack behaviours and TTPs used by threat actors, leading to new hunting and detection opportunities.
Assist in the development and maturity of the threat hunting process and team through development of cutting edge hunting techniques and introduction of automation into the threat hunting process.
Develop threat hunting hypothesis in collaboration with the threat intelligence team, helping to track relevant threat actors, campaigns and emerging threats and the TTPs they use.
Help in defining the metrics, measurements and analytical tools to quantify surface area of risk, business impact and implement mechanisms to track progress on efforts to reduce those risks.
Represent threat hunting to the wider information security team, and to the wider business, including senior stakeholders, through reporting, presentations and knowledge sharing sessions.
Adapts quickly to changing priorities, seeks new ideas, and re-align with team鈥檚 priority/roadmap to maximize business productivity.
Technical & Soft Skills:
Good understanding of cyber threats, attack vectors, and common exploitation techniques.
Proficiency in using threat intelligence platforms, open-source tools, and SOC technologies such as Google Chronicle SIEM, CrowdStrike EDR/EPP, Vectra NDR, Qualys VM, Recorded Future TI, etc.
Proficiency in multiple query languages such as YARA, CrowdStrike QL or SPS with an ability to manipulate and analyse large data sets.
Expertise in formulating threat hunting hypotheses and working with available data sets to determine conclusions.
Solid understanding of current TTPs used by threat actors and an ability to replicate behaviours in a lab environment to generate telemetry.
Direct experience working with the Mitre ATT&CK Framework or similar, with an ability to utilise the framework to identify detection gaps for threat hunting.
Strong competence being able to quickly respond to emerging threats, showcasing an ability to develop and perform hunts, while working under strict deadlines.
Strong understanding of Windows, Linux, and network protocols.
Strong knowledge of industry frameworks and standards, such as STIX/TAXII, MITRE ATT&CK, and threat intelligence sharing platforms.
Excellent written and verbal communication skills, including the ability to present complex technical information to both technical and non-technical audiences.
Strong analytical and critical thinking skills, with the ability to analyze complex data sets and identify actionable insights.
Proven experience in collaborating with cross-functional teams and providing guidance on threat intelligence-related matters.