Threat Hunting Analyst

Title: Threat Hunting Analyst About Medline: About Medline India: Medline India was setup in 2010 in Pune, primarily as an offshore Development centre and to augment resources for Medline Industries LP headquartered in Chicago, USA. We are a 1500+ strong and growing team of technology, finance and business support professionals who support our businesses worldwide towards a mission to make healthcare run better. We are an organization with a conducive work environment, ample opportunities to learn, contribute and grow with a highly empowered engaged team. We encourage our people to share their best ideas and create new opportunities for our customers and ourselves to work together to solve today s toughest healthcare challenges. About Medline Industries, LP: Established in 1966, Medline Industries LP is a renowned global healthcare organization boasting 56 years of consecutive sales growth, exceeding $21 billion in annual sales. With a workforce of over 36,000 professionals spread across the globe, we operate in more than 125 countries and territories. As the largest privately held manufacturer and distributor of medical supplies in the United States, Medline is uniquely positioned to offer comprehensive products, education, and support across the continuum of care. At present, Medline Industries, LP holds the esteemed position as the #1 market leader, delivering an extensive portfolio of over 550,000 medical products and clinical solutions. Our clientele includes hospitals, extended care facilities, surgery centres, physician offices, home care agencies, providers, and retailers. Were proud to be recognized by Forbes as one of America s Best Large Employers and Best Employers for Women. Additionally, the Chicago Tribune has consistently named us a Top Workplace for the past 12 years. Job Description: Threat Hunting analyst performs a wide variety of security duties with a primary focus on threat actor-based tactics, techniques, and procedures. The ability to manage multiple simultaneous threat hunts spanning several platforms with various TTPs is a key function of this role. Knowledge sharing and mentoring of team members is a critical and necessary skill. Must have the ability to operate under pressure and influence the team dynamic when responding to incidents. Should be able to work to enhance and improve the team and processes over time in a well-established manner. Roles and responsibilities: Perform hypothesis-based threat hunts using popular MITRE attack framework Perform intel-based threat hunting Conduct threat simulation exercises to test current security control Create diamond models to model threat activity Work directly with leadership to develop and improve existing internal processes Develop new processes that will add value to threat hunting team Provide proactive assistance to junior analysts to help them develop their skillset Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language) Create and utilize threat intel report to conduct manual hunts across available data sources Perform static and dynamic analysis of malicious files Work proactively on critical security incidents Perform vulnerability review and risk assessment Required skills: Ability to perform threat hunting using MITRE attack framework Ability to identify/detect/explain malicious activity that occurs within environments with high accuracy/confidence level Ability to develop advanced correlation rules for threat detection. Must be expertise in creating queries using SPL (Search processing language used by Splunk) or CQL (CrowdStrike Query language) Ability to create threat intelligence reports based on available threat intel Ability to perform static and dynamic analysis of possible malicious files Ability to perform Vulnerability analysis and risk assessment Should have strong log analytical skills Should be able to demonstrate good incident response skills in case of critical security incidents Moderate understanding of Windows and Linux operating systems, as well as command line tools Strong verbal as well as written communication skills Basic understanding of malware analysis Year of Experience: 6+ years (Security Operations + Threat Hunting - [Minimum 2 years should be in threat hunting]) Tools - CrowdStrike, Splunk, Logscale Humio Certification: COMPTIA Security+, CEH Programing language - Python (Good to have) Qualification: Bachelor of Engineering in any stream