X

Threat Hunter/Analyst

SecureTalent Partners

Threat Hunter/Analyst

 

We are seeking a Cyber Threat Hunter/Analyst who will provide ongoing support in the areas of incident response and investigation, assessment or communication of security risk to the enterprise and provide support by monitoring real-time security alerts, identifying and prioritizing potential threats, configure security solutions, and lead security incident investigations. This person will be responsible for providing initial, front-line, analysis, and resolution of security alerts as generated by the SIEM solution and other monitoring solutions capable of generating alerts. A Cyber Threat Hunter/Analyst will also perform incident response, issue resolution, and complete and deliver complex security reports to management in business terms. 

What we expect of you:

  • Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise.
  • Create correlations and other logic to identify attackers and defend the network against advanced attacks.
  • Hunt for and identify threat actor groups and their techniques, tools, and processes. Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses
  • Provide expert analytic investigative support of large scale and complex security incidents
  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalog.
  • Daily Traffic Review – replaying traffic from previous shifts and reviewing customer reports to ensure potential security incidents were not missed by a Level 1 Analyst.
  • Report Run Verification – ensure customer reports run as scheduled
  • Improve their knowledge of the customer environment, intrusion detection, methodologies, and intrusion detection services with the support of on-going training from the analysts and self-study
  • Review SOC Activity log, cases and other monitoring tools for a complete understanding of previous shift activities and incidents
  • Handle Tier 2 event incident response, case management, and customer notification
  • Ensure security devices contain up-to-date signatures libraries
  • Implement changes to the technologies required, including the inclusion of log sources/types and changes to alerts
  • Assist with engineering tasks as necessary
  • Train SOC Level 1 Analysts on new attack signatures and attack methodologies
  • Providing process and operational improvement suggestions
  • Review and update documentation (such as SOPs and TTPs)
  • Complete vendor training as requested by Management
  • Daily Case Management – the Analyst will review open cases and provide follow up that may be required
  • SOC Activity Log –creating, reviewing, and maintaining entries, working with other analysts Report Creation – creating temporary or permanent reports for customers, as requested.
  • Tuning – regularly performing tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered

 

What you’ll need to succeed in this role:

  • 1 to 5+ years of Information Security experience
  • 1 to 5+ years Firewall management and rules analysis
  • 1 to 4 years of systems analysis
  • Working knowledge of Linux and syslog from CLI
  • Excellent writing and communications skills
  • Familiarization with a variety of information and network security monitoring tools (ArcSight SIEM, QRadar SIEM, Splunk, Arbor DDoS Mitigation, Cisco IDS/IPS, Netcool, and Imperva WAF, among others)
  • Understanding of current trends in attacker and threat actor tools, techniques, and procedures
  • Coding experience with Python/Bash
  • Experience with network security and networking technologies, as well as with system, security, and network monitoring tools
  • Ability to work in a dynamic team-centered environment
  • Ability and willingness to share on-call responsibilities, work non-standard hours, aid Cyber Security investigations, and travel (up to 15%) when required

Nice-to-haves in this role:

  • Professional experience with AWS
  • General network and system/application architecture/administration principles
  • General knowledge of monitoring system architecture maintained by Cyber Security such as SIEM and Log Management architecture

Stand out from the crowd with any of these preferred Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Information Systems Security Engineering Professional (CISSP-ISSEP)
  • Systems Security Certified Practitioner (SSCP)
  • CompTIA Security+
  • Certified Ethical Hacker (CEH)
  • Certified Security Analyst (ECSA)
  • Certified Incident Handler (ECIH)
  • CompTIA Cybersecurity Analyst (CSA+)
  • Information Technology Infrastructure Library (ITIL)
  • Cisco CCNA
  • Cisco CCNP + Security
  • GSEC
  • GCIH
  • GCIA
  • MCSE
  • Linux+

What we are committed to giving you:

  • Competitive compensation
  • Dedicated professional coach through your on-boarding process 
  • Strong culture and a work environment to suit your style!

Apply for this position

Drop files here, or browse