Threat Hunter

**What We Do**

**Managing cyber risk, together** - Today the modern enterprise is an Enterprise of Things. We are on a mission to secure the Enterprise of Things with active defense by identifying, segmenting, and enforcing compliance of every connected thing in a real-time and at scale. Our unified security platform enables enterprises and government agencies to focus on Zero Trust segmentation, IT/OT convergence, and OT/ICS innovation, all supporting our mission and vision.

Join us as we secure the world with our products. We are looking for resourceful individuals to collaborate as one team while ensuring a world-class customer experience. We are cyber-obsessed about addressing the world’s most challenging security problems. Innovation starts here, everyone’s ideas are valued, visionaries welcomed

**What You Will Do**

Forescout is currently seeking a Cyber Threat Hunter to join a growing hunt team. Our Cyber Threat Hunting is part of SOC team within Forescout’s MSSP function to strengthen our customers defensive posture. This team works and collaborates with data science, threat research, and SOC teams to identify opportunities to use and improve telemetry, develop methods to investigate emerging tactics and techniques to help secure critical infrastructure of our clients around the world.

Threat hunting is more than finding the “new badness” in our client’s environment and more than the usual slogan “finding the needle in the haystack”. For us it is more about understanding the nature of the needle, the composition of the haystack, and LAYERing where the next needle might fall.

The role is responsible for analyzing and correlating large data sets to understand the environment, identify its telemetry and investigate its uniqueness. The role will also include using our threat hunt framework and methodologies to identify hidden security risks, uncover visibility gaps, while aligning hunting activities with business priorities and leveraging contextual intelligence to reduce mean time to detection (MTTD) and minimize potential breach impact

Principal Duties & Responsibilities
- ** Proactive Threat Hunt**:
- Understand attack motivations and techniques by correlating threat data from various sources to simulate and validate hunt coverage (e.g., MITRE ATT&CK, red team findings, threat simulation)
- Operationalize threat intelligence into actionable hunts and utilize various data analysis methods to identify unknown risks within our clients’ network infrastructure.
- ** Detection Strategies**: Continuously improve the service by identifying gaps in knowledge and correcting them. Like collaborating with internal data science team to translate hunt findings into detection rules, analyzing disparate data sources to understand its value, developing dashboards, and automation playbooks in partnership with SOC.
- ** Investigate**: Investigate and analyze security incidents to determine the root cause, scope, and impact of potential cyber threats.
- ** Mitigation Strategies**: Develop and recommend mitigation strategies, countermeasures, and best practices to enhance clients’ cybersecurity posture and resilience against cyber threats.
- ** Collaborate with Stakeholders**: Work closely with cross-functional teams, including IT, security operations, incident response, threat intelligence, and management, to communicate findings, provide recommendations, and ensure timely response to cyber threats.
- ** Stay Current with Cybersecurit**y Trends**: Continuously monitor and research emerging cybersecurity threats, vulnerabilities, and industry best practices to stay ahead of evolving cyber threats.

**What You Will Bring To Forescout**
- ** Technical Proficiency**: Knowledge of network, endpoint, cloud platforms (AWS, Azure, GCP), containers technology and their telemetry to identify “when to start worrying and sound alarm”- Knowledge on hunt methodologies, adversary TTPs, threat intelligence, and frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
- Ability to adapt to varying-scale enterprise environments to conduct threat hunts.
- Ability to use at least one popular programming language (Python, Go) and one data query language (KQL, SQL)
- Experience in conducting research on either APTs or cybercrime with the ability to adapt to focus on broader threat landscape
- ** Detection Engineering**: Experience in building and utilizing analytical rules/queries from hunts, ability to create data visualizations and document new procedures/runbooks/playbooks to assist other analysts.
- ** Analytical Skills**:Analytical and problem-solving skills with the ability to analyze large datasets, identify patterns, and correlate disparate events to identify potential opportunities.
- ** Communication Skills**:Effective communication skills with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
- ** Education**:Bachelor’s degree in computer science, Information