
Threat hunter
1 month ago
Job Description

Key Responsibilities
- Monitor security patterns to identify, isolate, and detect threats before attackers can exploit them.
- Design and run custom analysis models on security event information to discover active threats.
- Identify (hunt) security nuances and abnormalities in the environment.
- Develop use cases and actionable content to identify security variants that are not currently alerted on within the environment.
- Test and analyze assets for potential security threats.
- Identify possible security threats and determine the best security measures.
- Design, implement, and maintain security protocols, policies, plans, and systems to cover all possible security threats.
- Coordinate and brief a team of security specialists and assign tasks.
- Meet with clients to discuss security measures, provide information, and explain the designed system.
- Perform as an Information Security Resource in three or more of the following areas: Threat Intelligence; Incident Response; Log analysis (statistical modelling, correlation, pattern recognition, etc.); Reverse Engineering / Malware analysis.
- Collaborate with and support teammates and outside teams on threat hunting techniques/issues.
- Communication/rapport with other divisions and various peers.
- Strong ability to identify needs, drive solutions, and provide guidance in an autonomous manner.

Job Qualifications
- Bachelor's and/or master's degree in IT Security, Engineering, Computer Science, or related field/experience.
- 4+ years overall technical experience in threat hunting, threat intelligence, incident response, security operations, or a related information security field.
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
- Advanced experience with security operations tools, including but not limited to: SIEM (e.g., Splunk, Sentinel); network analysis (e.g., NetWitness, Palo Alto); signature development/management (e.g., Splunk rules, Snort rules, YARA rules); EDR solutions (e.g., CrowdStrike, Tanium).
- Scripting experience (KQL, Python, Bash, PowerShell, Go, Perl, C/C++).
- Excellent analytical and problem-solving skills, and a passion for research and puzzle-solving.
- Strong communication (oral, written, presentation), interpersonal, and consultative skills.

Q&A for the role:

EDR
- How can we install EDR agents at endpoints?
- How can we change the policies of web control and application control in EDR?
- Key performance indicators for EDR (weekly licence management, agent health checkup, malware detected, critical alerts, true positives, compliance) and TH (hunts conducted, successful hunts, log sources used).
- How effectively do you interact with and help the SOC team to resolve alerts and incidents?

TH
- What are the different types of threat-hunting approaches? (IOC, Hypothesis, CVE, Network): brief overview.
- How do you arrive at, pick, or start developing hypotheses for hypothesis-based hunting?
- How do you formulate hypotheses for threat hunting, and what factors do you consider when developing them?
- Can you describe a challenging scenario you encountered while conducting hypothesis-based hunting and how you approached and resolved it? (at least 2 scenarios)
- Basic knowledge of YARA rules and Sigma rules?
- Pyramid of Pain, MITRE ATT&CK (Tactics, Techniques, Sub-Techniques: overview), Cyber Kill Chain, Diamond Model.

KQL
- Join commands
- Sentinel console overview
- A few basic commands in KQL
-
Threat hunter
1 month ago
Ibrahim Bagh Lines, India | Secureworks | Full time

Secureworks® (NASDAQ: SCWX), a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native SaaS security platform and intelligence-driven security solutions, informed...