Cyber Security Threat Hunter
Company: Sentinel Technologies
Type: Full Time
Sentinel seeks a Cyber Security Threat Hunter to join their team. The Cyber Security Threat Hunter is an integral part of their Security Operations Center and will be responsible for creating and performing proactive, iterative, and repeatable searches on enterprise customer environments to detect malicious, suspicious, or risky activities or novel attack techniques that have evaded detection by existing tools. This person will seek out Identify any anomalous/malicious behavior and identify any visibility gaps in the customer environment while also identifying opportunities for automation and apply these to hunting playbooks and methodologies. Your ability to analyze real traffic and associated artifacts: malicious, normal, and application traffic; and demonstrate the ability to differentiate malicious traffic from false positives will be critical in this position. Qualifications:
- 3+ years of experience as a key member of a security operations team (SOC, Incident Response, Threat Intel, Malware Analysis, IDS/IPS Analysis, etc.
- Must have strong communication skills to be able to collaborate and create reporting based on threat hunt findings which may be presented to internal and/or external stakeholders.
- Must be able to collaborate with internal teams to recommend/develop new or custom security content to include signatures, alerts, workflows and automation to counter prospective threats and enable future hunts.
- Must have expertise in SIEM, network, and/or host-based analysis and investigations including query languages popular in SIEM products.
- Must have the desire to perform continual research on cyber threats, vulnerabilities, newly released indicators, and adversary tactics, techniques, and procedures to stay current with the latest evolutions in the threat landscape and use that knowledge to continuously update methodologies and playbooks.
- Must have experience using threat intelligence-driven or hypothesis-based threat hunting and various cybersecurity and intelligence frameworks to identify missing or ineffective detection capabilities.
- Strong ability to translate technical concepts and information into a form easily consumed by non-technical stakeholders.
- Must be able to accurately document threat hunting methodologies and findings.
- Act as a point of escalation for cross-team collaboration.
- Ability to correlate activity across multiple ingest sources and large data sets.