Cyber Threat Hunter

Company Description

Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car to sending a child to college to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 17,800 people operating across 44 countries, and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car to sending a child to college to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 17,800 people operating across 44 countries, and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

**Job Description**:
Experian GSOC is seeking a Cyber Threat Hunter to be part of a global Cyber Threat Intelligence team that promotes timely and actionable threat intelligence information. This is an incredible opportunity to be part of a world class organization and join a global team of highly skilled and innovative people to help us stay ahead of adversaries. The Cyber Threat Intelligence (CTI) team focuses on defending against emerging threats, supporting cyber investigations, and delivering situational awareness to the business.
- Assist with developing core foundational components of the Threat Hunting program.
- Dedicate primary daily focus to hunt the Experian environment for threats and anomalies with intelligence gathered from CTI sources.
- Develop content that will drive GSOC monitoring and detection (use cases, priority, actionable and relevant intelligence) this includes the creation of Threat Hunting Products (CTITH) to describe and detail analysis.
- Develop processes and procedures for tactical information collection, analysis and dissemination.
- Support the Team(s) by ensuring assignments are handled and completed in a timely fashion.
- Provide feedback on processes and procedures to include improvements and evergreen process.
- Follow all processes and procedures outlined in the Wiki.
- Keep up to date with threat actor TTPs.
- Develop greater holistic insight and adversarial mapping to Experian specific IOCs - attacks to attacker.
- Develop a repository of SOPs, playbooks, and checklists for hunting that aligns to MITRE ATT&CK techniques and the availability of current data.
- Integrate Offensive Intelligence testing methodology and “high-level” findings.
- Save past "hunts" or queries for tracking and collaboration purposes (saved work can transform one-time hunts into persistent queries).
- Assist with Brand Monitoring Intelligence analysis and investigations when requested.
- Assist with Incident Response analysis and investigations when requested.
- Contribute to the Weekly GSOC Meeting every week.
- Contribute to the Weekly Threat Landscape Brief every week.

**Qualifications**:
The primary responsibility for the Cyber Threat Hunter is to proactively investigate security events to identify artifacts of a cyber-attack. Threat Hunters will also be expected to participate in several different areas within Security Operations and Incident Response process; these activities include use-case development, malware reversing and analysis, digital forensics, security control testing, and hunt plan development.
- 8-15 years of experience in a technical security role in one of the following areas: threat detection, incident response, malware analysis, exploit development, and/or red team experience.
- Strong understanding of incident response process, specifically with detection and containment.
- Working knowledge of the Cyber Kill Chain Model, Diamond Model, Course of Action Matrix, and MITRE ATT&CK Matrix and how each methodology can be applied to threat hunting.
- Experience in detecting advanced attack methodologies via log analysis and/or endpoint tools. Experience using event management tools (example: ArcSight, Splunk, or QRadar for analysis and use case development.)
- Understanding of packet analysis and how deep packet inspection toolsets can be used to support threat identification.
- Experienc