Threat Hunting Specialist

Job Description :

• Proactively hunt for advanced threats within the network and systems using various tools and techniques

• Use both Attack Based Hunting and Data Based Hunting to identify and analyze potential threats

• Stay up to date with the emerging threats and the tactics, techniques, and procedures (TTPs) used by threat actors

• Use various data transformation techniques to facilitate effective hunting

• Dissect and simulate attacks that would help in conceptualizing and executing the hunts

• Contribute to the hunting knowledge management i.e., document details about the hunting expeditions, common behaviors, explained anomalies, friendly intelligence, etc.

• Collaborate within/outside the team regarding the identified anomalies and develop and implement tactics for the detection and prevention of incidents

• Create and maintain custom threat-hunting queries, scripts, and dashboards

• Assist in converting successful hunting techniques into automated detection to the extent feasible

• Evaluate the hunting evidence sources and identify improvement areas when needed

• Perform host-based and network-based analysis to support investigations and incident response

• Document, report, and present critical information about the investigation/procedures performed

• Actively participate in the establishment of policies and procedures, training of personnel, and maintenance of analysis and hunting toolset

• Provide recommendations for improving security posture based on threat-hunting insights

• Contribute to and/or participate in Cyber Maturity Assessment activities like purple team exercises, table-top exercises, etc.

• Share knowledge and ideas with other team members

Minimum Criteria :
• Bachelor's Degree in Information Systems, Computer Science, or related field or equivalent or an equivalent number of years of experience
• 5+ years of experience in Threat Hunting
• The successful applicant must possess one or more current, applicable professional/technical certifications, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), GPEN, GWAPT, SANS GCFA/GCFE/GSEC/GCIA/GCIH/GREM/GNFA, EnCE, CHFI, CEH, ECIH
• Knowledge of Cyber Security management practices, network, and application vulnerability assessments, change control, business continuity planning, data privacy, and risk assessment practices
• Proficiency with log aggregators/SIEM platforms and search query languages
• Proficiency with general analysis tools like awk, sed, PowerShell, grep, sort, uniq, Python, Excel
• Experience with network packets/traffic analysis using tools like Wireshark, tcpdump, Zeek, tshark, SiLK, etc.
• Proficiency with EnCase or any other forensic tool such as FTK, X-Ways, etc.
• Experience hunting threats using SIEM and other detection platforms
• Proficiency with Windows and *nix OS platforms
• Experience in Incident Investigation and reporting relevant facts
• Experience in memory analysis using tools like Volatility, Rekall, etc.
• Experience using platforms/distributions like SIFT, Remnux, FLARE, etc.
• Offensive security and scripting skills are a plus
• Knowledge of TCP/IP communications and how common protocols (SMTP, HTTP, POP3, IMAP, etc.) and applications work at the network
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly