Threat hunter

Job Description

As a Threat Hunter, you will be responsible for proactively identifying, analysing, and mitigating potential threats across our environments. You will lead threat hunts, leverage data from multiple sources, and apply advanced techniques to detect suspicious behaviour and uncover threats. Collaborating with cross-functional teams, youll refine detection strategies and enhance our overall security posture. This is an exciting opportunity to make a significant impact by driving proactive security measures.

Responsibilities

• Performing day-to-day operations as a trusted advisor on advanced threat hunt for team

• Leading "hunt missions" using threat intelligence, data from multiple sources and results of brainstorming sessions to discover evidence of threats, insider misconduct, or anomalous behavior

• Utilizing advanced threat hunting techniques and tools to detect, analyze, and respond to anomalous activities. This includes Identifying threat actor groups and characterizing suspicious behaviors as well as being able to identify traits, C2, and develop network and host-based IOCs or IOAs.

• Finding evidence of threats or suspicious behavior and leveraging data to improve controls and processes; this will require a blend of investigative, analytical, security, and technical skills to be successful.

• Evaluating and making recommendations on security tools and technologies needed to analyze potential threats to determine impact, scope, and recovery.

• Ensuring gaps in detections are socialized with Cyber Security stakeholders; this includes identifying dependencies, recommendations, and collaborating to mitigate threats.

• Should have understanding and experience on MITRE ATT&CK Framework based Threat Hunting.

• Acting as subject matter expert in internal and external audit reviews. This includes producing and presenting artifacts and executive summaries to support the overall mission.

• Participating in Purple Team, Threat Hunt, and tabletop exercises.

• Working closely with key cross-functional stakeholders to develop and utilize proactive and mitigating measures to prevent, detect and respond to potential threats to Verizon on prem and cloud environments.

• Mentoring and advising team members by educating them on advanced techniques on threat hunting.

• Experience in threat Hunting to find presence of adversaries within organizational infrastructure.

• Promoting an environment of collaboration and individual accountability when it comes to problem-solving, decision-making, and process improvements.

Qualifications

• Bachelor's and/or masters degree in IT Security, Engineering, Computers Science, or related field/experience

• 5+ years overall technical experience in threat hunting.

• Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc. Hinduja Global Solutions Limited "For internal use only" 1 of 1 HGS-SECURE/MSSP/HGS-UK/PROPOSAL/0001 "Un-controlled if printed".

• Comprehensive knowledge utilizing system, cloud, application and network logs.
• Experience working with IOCs, IOA, and TTPs.

• Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them.

• Proficient knowledge of different programming languages, like, KQL, Python, PowerShell etc.

• Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.

• Fundamental understanding of tactics, technologies, and procedures related to Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT or Insider Threat

• Knowledge of operating system internals, OS security mitigations & understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms

• Knowledge on query structures like Strong understanding of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin's Cyber Kill Chain.

• Knowledgeable with Regular Expressions, YARA and SIGMA rules, AQL and KQL type and at least one common scripting language (PERL, Python, PowerShell)

• Excellent analytical and problem-solving skills, a passion for research and puzzle-solving

• Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements

Certifications

• Certifications such as below or similar threat-hunting credentials are highly desirable.
• Certified Threat Hunting Professional eCTHP
• Certified Incident Responder (eCIR)
• Certified Digital Forensics Professional eCDFP
• GIAC Certified Incident Handler Certification (GCIH)
• GIAC Enterprise Incident Response (GEIR)
• Network+, Security+, CISSP, CISM, GCIH, GCFA, GCFE, GREM and/or or cloud-specific certifications (ex: AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer