Threat Hunter (Analyst)
Job Description
Your role:
Do you have an investigator’s mindset, and intuitively know how to uncover malicious activity? Do you have a deep understanding of computer operating systems and the realities of enterprise IT estates? Do you like data? This role is responsible for analyzing and correlating large data sets to uncover novel threats and attach techniques that may be present within our client’s environment.
Your team:
You will be working for Threat Hunting team, which sits within the Insider Threat function of our client. The team is charged with hunting for unknown and undetected threats, and responding to incidents when they are identified.
Threat hunting analysts are located in our major centers but examine data from our offices all over the world (with some exceptions).
We are refining and building cutting edge capabilities to deliver a world-class Threat Hunting service.
Responsibilities:
We are looking for a Threat Hunter who:
• can query, process and manipulate data in a variety of platforms and formats.
• is able to rapidly understand and leverage new technologies.
• has incident response experience and understands how EDR tools work behind the user interface.
• can interpret structured and unstructured intelligence to determine what is critical for meeting your detection objectives.
• has detailed contemporary knowledge of attacker techniques and understands how to identify them in the real world.
• has initiative and creative thinking to achieve solutions to complex problems.
• able to assist incident response teams with major incidents as required.
Mandatory Skills Description:
Your expertise
• 6+ years’ experience with Threat Hunting or Incident Response, which enables you to recognize malicious activity within a sea of noise.
• Deep knowledge of digital forensics, computer operating systems and enterprise network infrastructure.
• Strong knowledge of malware and exploit desired
• Experience with offensive security tools and attack techniques
• Competence with one or more programming/query languages – experience with Python, PowerShell and SQL is preferred.
• A strong understanding of how to make sense of security and forensic data.
• Experience working with large data set and tools/technologies such as Spark, PySpark, Pandas, Hadoop, Cloudera, Databricks.
• The experience and judgement of an analyst that can clearly explain concepts to a less technical audience, and make well-reasoned arguments for your security recommendations.
• Must be a team player and ability to mentor junior colleagues.