Cyber Threat Hunter

Cyber Threat Hunter
Information Technology, Austin, TX
Reference: 19-02898

Responsibilities:

  • Hunt for and identify threat actor groups and their techniques, tools and processes
  • Participate in “hunt missions” using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the network
  • Provide expert analytic investigative support of large scale and complex security incidents
  • Perform analysis of security incidents for further enhancement of alert catalog
  • Continuously improve processes for use across multiple detection sets for more efficient TMC operations
  • Document best practices with the TMC staff using available collaboration tools and workspaces
  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • A passion for research, and uncovering the unknown about internet threats and threat actors

Experience:

  • 6+ years overall IT Infrastructure experience
  • 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
  • Experience with several of the following topics: malware analysis, APT/crimeware ecosystems, exploit kits, cyber threat intelligence, software vulnerabilities and exploitation, data analysis and dark web intelligence

Skills:

  • Demonstrated knowledge of Linux/UNIX & Windows operating systems
  • Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building
  • Experience with Snort, Bro or other network intrusion detection tools
  • Detailed understanding of the TCP/IP networking stack and network technologies
  • Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
  • Nominal understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell)
  • Strong collaborative skills and proven ability to work in a diverse global team of security professionals
  • Strong organizational skills
  • Strong verbal and written skills
  • Excellent interpersonal skills

Education:

  • Bachelor’s degree, or relevant work experience
  • Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc.)