Responsibilities:
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Participate in “hunt missions” using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the network
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient TMC operations
- Document best practices with the TMC staff using available collaboration tools and workspaces
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- A passion for research, and uncovering the unknown about internet threats and threat actors
Experience:
- 6+ years overall IT Infrastructure experience
- 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
- Experience with several of the following topics: malware analysis, APT/crimeware ecosystems, exploit kits, cyber threat intelligence, software vulnerabilities and exploitation, data analysis and dark web intelligence
Skills:
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack and network technologies
- Working knowledge of full packet capture (PCAP) analysis and accompanying tools (Wireshark, etc.)
- Nominal understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell)
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills
- Strong verbal and written skills
- Excellent interpersonal skills
Education:
- Bachelor’s degree, or relevant work experience
- Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc.)