SOC L3 Sr. Analyst -Threat Hunter
Responsible for executing a cyber threat hunting program to identify, detect, mitigate and respond to cyber threats and advanced threat actors, this position requires to develop new detection analytics, gather cyber intelligence, investigate intrusions, identify malicious activity and potential threats. The position will involve collaborating with cross-functional teams and will play a crucial part in enhancing the cybersecurity posture.
- Performing a deep analysis of threats across the entire organization, based on the tactics, techniques, and procedures (TTPs) employed by threat actors.
- Develop and validate hypotheses related to potential security threats. Employ data analysis, forensics, and investigative methodologies to confirm or disprove these hypotheses.
- Create and utilize custom scripts, tools, and queries to facilitate threat detection and analysis.
- Conduct proactive threat hunting operations to detect and investigate sophisticated cyber threats including advanced persistent threats (APTs).
- Analyze security event logs, network traffic, and other security data to identify indicators of compromise (IOCs) and potential security breaches.
- Enhance detection and response capabilities by creating and enhancing threat hunting methodologies, processes, and playbooks.
- Collaborate with cross-functional teams, to deploy security measures and enhance the overall resilience of security systems.
- Stay updated on the latest cybersecurity threats, vulnerabilities, and attack methodologies. Apply threat intelligence feeds and open-source information to drive threat hunting initiatives.
- Investigate security incidents and breaches using advanced techniques and tools to determine the extent and impact of security events.
Working Environment 90% Office / 10% Field
Education Bachelor Degree in Cyber Security, Computer Science, Computer Engineering or any related field
Level of Experience Intermediate Experience in a related filed
Certifications & Licensure
One or more of the following technical certificates (or equivalent):
- Certified Threat Intelligence Analyst (CTIA)
- eLearnSecurity Certified Threat Hunting Professional (eCTHP)
- Certified SOC Analyst (CSA)
- Certified Incident Handler (ECIH)
- Certified Ethical Hacker (CEH)
- GIAC Cyber Threat Intelligence (GCTI)
- Computer Hacking Forensic Investigator (CHFI)
- CompTIA Linux+
Tools & Systems
- Advanced knowledge of the following security systems:
- Security information and event management (SIEM)
- Next-generation firewall (NGFW)
- Intrusion detection and prevention (IDPS)
- Denial of service (DoS) attacks mitigation
- Endpoint Antivirus/Antimalware
- Endpoint detection and response (EDR)
- Good knowledge of various operating system including Windows, Linux and UNIX
- Good knowledge of various IT systems including but not limited to database, domain-controllers, email gateways, virtualization and web servers
- Good knowledge of the following security systems:
- Email protection
- Incident response workflow & automation
- Threat intelligence & threat hunting
- Network & malware analysis
- Data loss prevention (DLP)
- Privileged access management (PAM)
- Vulnerability assessment and management (VA/VMS)
- Penetration Testing