Threat Intelligence Tech Lead

METRO Global Solution Center (MGSC) is internal solution partner for METRO, a €31.6 Billion international wholesaler with operations in 32 countries through 625 stores & a team of 93,000 people globally. METRO operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries. MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow's standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

The primary responsibility is to focus on managing and optimizing EDR solutions to enhance endpoint security. This includes designing, implementing, and maintaining EDR systems and technology, investigating incidents, and developing security policies. The ideal candidate will bring deep technical expertise, operational maturity towards improving security posture by collaborating with other teams and staying current with the latest threats.

Qualification:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, SANS/GIAC) may be preferred.
• 7-11 years of relevant professional experience in a large multi-national organization or in a known MSSP.

Responsibilities:

• Develop and execute threat intelligence strategies, focusing on identifying and mitigating cyber threats.
• Lead activities to gather intelligence on threat actors, including their tactics, techniques, and procedures (TTPs).
• Conduct in-depth analysis of the threat landscape, focusing on industry-specific and emerging threats. Use Various available Security controls and the telemetry data within to conduct proactive threat hunts using a hypothesis-based approach. Analyse large datasets (logs, packet captures, alerts) to identify anomalies, malicious activity, and Indicators of Compromise (IOCs).
• Collaborate with SOC analysts, incident responders, and threat intelligence teams to improve detection rules and response strategies. Additionally, take the identified anomalies to a conclusion.
• Define the metrics, measurements and analytical tools to quantify surface area of risk, business impact and implement mechanisms to track progress on efforts to reduce those risks.
• Continuously improve hunting methodologies, automation, and use of threat hunting frameworks (e.g., MITRE ATT&CK). Stay current on emerging threats, vulnerabilities, and cyber-attack techniques.
• Create and present tailored threat intelligence and hunting reports along with mitigation strategies to internal stakeholders, including executives and IT Team to take necessary actions.
• Prepare monthly reports on threat hunts and able to showcase ROI of the overall threat hunting program.
• Adapts quickly to changing priorities, seeks new ideas, and re-aligns team's priority/roadmap to maximize business productivity.

Technical & Soft Skills:

• In-depth knowledge of security operations center (SOC) operations, Cyber incident response, threat intelligence with extensive experience performing Threat hunting on IT Systems, Network and Endpoints.
• Proficiency in various SOC technologies and Threat Intel platform.
• Experience with scripting (Python, PowerShell, etc.) and automating threat detection or hunting tasks.
• Proficiency with OSINT tools, scripting and automation (e.g., Python, PowerShell), and Darkweb.
• Strong understanding of security frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and current threat landscapes.
• Knowledge about Advanced persistent threats and treat actors, their TTPs. Ability to recognize attack patterns and corelate them with specific threat actors.
• Ability to proactively find cybersecurity threats and mitigate them.
• Ability to obtain as much information on threat behaviour, goals and methods as possible.
• Knowledge of Analytics platforms for carrying out detailed analytics of obtained telemetry.
• Strong understanding of Windows, Linux, and network protocols.
• Excellent communication and interpersonal skills to effectively collaborate with clients, stakeholders, and internal teams.
• Analytical and problem-solving skills to identify and address security issues and incidents.
• Ability to adapt to changing security threats and evolving business requirements.