Threat Hunter

About the Role:

The Cyber Threat Hunter will have an opportunity to lead threat hunting missions to support our global research and client threat intelligence teams.

He/She will track emerging threats and threat actors and Advanced Persistent Threat groups, evaluate, and prioritize threat artifacts (malware samples, IOCs, IOAs) and conduct a deeper analysis. The Threat Hunter will utilize open-source threat intelligence sources, proprietary feeds and scanning tools, in-house dark web research data and tools to determine and map out threat actor infrastructure (domains, hosting infrastructure, networks etc.) TTPs to uncover stealth attack campaigns and publish IOCs and Threat Detection rules for our clients and the community on an ongoing basis.

What You’ll Do:

The Cyber Threat Hunter will

• Conduct "Hunt Missions" using open source or private threat intelligence, analysis of malware samples or logs or signals acquired from public sources/provided by clients with the goal of identifying threat actors and their their target organizations
• Utilise Proprietary Honeypots to analyse attacks, extract attacker, victim and vulnerability related information and then assist the research team in preparing and publishing analysis reports for global consumption
• Hunt, Analyse and Track various threat actors/APT groups by gathering and analysing Attacker TTPs and publish blogs/articles
• Continuously update Cyble’s Threat Library and Knowledgebase
• Gather and Publish Threat Actor TTPs and IOCs for client and community consumption
• Contribute to the development of use cases and threat detection logic (YARA and SIGMA rules) and tools to enhance threat detection capabilities for clients.
• Continuously improve and automate threat hunting processes and playbooks for scalable and efficient analysis and use across Cyble research and threat intelligence operations.
• Document best practices for threat hunting and detection development
• Keep UpToDate with advanced threats, vulnerabilities, latest security solutions and risk mitigation strategies used in cybersecurity operations.
• Conduct internal knowledge sharing sessions for the team on a periodic basis

What You’ll Need:

• Degree in Computer Science or any Technical Discipline (B. E, B. Tech, BCA, MCA, B.Sc. (IT))
• Specialization in cyber security, computer forensics or incident response would be a plus
• At-least 5 years of experience in Threat Intelligence, Threat Hunting and Forensic Investigations
• Must have demonstrated experience in evaluating threat intelligence from social media, chats, darknet forums, OSINT and other sources of data openly available on the Internet
• Experience with threat actor attribution
• Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
• Advanced Proficiency in custom scripting and usage of various cyber intelligence tools such as VirusTotal, Domain Tools, Maltego etc to actively search for and analyze threats.
• Ability to automate repeatable security tasks through scripts and custom code
• Self-motivated and results-oriented, with excellent interpersonal and communication and writing skills.