We are seeking a Cyber Threat Hunter/Analyst who will provide ongoing support in the areas of incident response and investigation and the assessment and communication of security risk to the enterprise. This person will monitor real-time security alerts, identify and prioritize potential threats, configure security solutions, and lead security incident investigations. They will be responsible for providing initial, front-line analysis and resolution of security alerts generated by the SIEM solution and other monitoring solutions capable of generating alerts. A Cyber Threat Hunter/Analyst will also perform incident response and issue resolution, and complete and deliver complex security reports to management in business terms.
What we expect of you:
- Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise.
- Create correlations and other logic to identify attackers and defend the network against advanced attacks.
- Hunt for and identify threat actor groups and their techniques, tools, and processes. Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses.
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform Root Cause Analysis of security incidents for further enhancement of alert catalog.
- Daily Traffic Review – replaying traffic from previous shifts and reviewing customer reports to ensure potential security incidents were not missed by a Level 1 Analyst.
- Report Run Verification – ensure customer reports run as scheduled
- Improve knowledge of the customer environment, intrusion detection methodologies, and intrusion detection services with the support of ongoing training from the analysts and self-study
- Review SOC Activity log, cases and other monitoring tools for a complete understanding of previous shift activities and incidents
- Handle Tier 2 event incident response, case management, and customer notification
- Ensure security devices contain up-to-date signature libraries
- Implement changes to the technologies required, including the inclusion of log sources/types and changes to alerts
- Assist with engineering tasks as necessary
- Train SOC Level 1 Analysts on new attack signatures and attack methodologies
- Provide process and operational improvement suggestions
- Review and update documentation (such as SOPs and TTPs)
- Complete vendor training as requested by Management
- Daily Case Management – the Analyst will review open cases and provide follow up that may be required
- SOC Activity Log – creating, reviewing, and maintaining entries, working with other analysts
- Report Creation – creating temporary or permanent reports for customers, as requested
- Tuning – regularly performing tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered
What you’ll need to succeed in this role:
- 1 to 5+ years of Information Security experience
- 1 to 5+ years of firewall management and rules analysis
- 1 to 4 years of systems analysis
- Working knowledge of Linux and syslog from CLI
- Excellent writing and communications skills
- Familiarity with a variety of information and network security monitoring tools (ArcSight SIEM, QRadar SIEM, Splunk, Arbor DDoS Mitigation, Cisco IDS/IPS, Netcool, and Imperva WAF, among others)
- Understanding of current trends in attacker and threat actor tools, techniques, and procedures
- Coding experience with Python/Bash
- Experience with network security and networking technologies, as well as with system, security, and network monitoring tools
- Ability to work in a dynamic team-centered environment
- Ability and willingness to share on-call responsibilities, work non-standard hours, aid Cyber Security investigations, and travel (up to 15%) when required
Nice-to-haves in this role:
- Professional experience with AWS
- General network and system/application architecture/administration principles
- General knowledge of monitoring system architecture maintained by Cyber Security such as SIEM and Log Management architecture
Stand out from the crowd with any of these preferred Certifications:
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Systems Security Certified Practitioner (SSCP)
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Certified Security Analyst (ECSA)
- Certified Incident Handler (ECIH)
- CompTIA Cybersecurity Analyst (CSA+)
- Information Technology Infrastructure Library (ITIL)
- Cisco CCNA
- Cisco CCNP + Security
What we are committed to giving you:
- Competitive compensation
- Dedicated professional coach through your on-boarding process
- Strong culture and a work environment to suit your style!