Threat Hunting Analyst

• Threat Hunting analyst performs a wide variety of security duties with a primary focus on threat actor-based tactics, techniques, and procedures
• The ability to manage multiple simultaneous threat hunts spanning several platforms with various TTPs is a key function of this role
• Knowledge sharing and mentoring of team members is a critical and necessary skill
• Must have the ability to operate under pressure and influence the team dynamic when responding to incidents
• Should be able to work to enhance and improve the team and processes over time in a well-established manner

Roles and responsibilities:

• Perform hypothesis-based threat hunts using popular MITRE attack framework Perform intel-based threat hunting Conduct threat simulation exercises to test current security control Create diamond models to model threat activity
• Work directly with leadership to develop and improve existing internal processes Develop new processes that will add value to threat hunting team
• Provide proactive assistance to junior analysts to help them develop their skillset Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language)
• Create and utilize threat intel report to conduct manual hunts across available data sources
• Perform static and dynamic analysis of malicious files Work proactively on critical security incidents Perform vulnerability review and risk assessment

Required skills:

• Ability to perform threat hunting using MITRE attack framework Ability to identify/detect/explain malicious activity that occurs within environments with high accuracy/confidence level
• Ability to develop advanced correlation rules for threat detection
• Must be expertise in creating queries using SPL (Search processing language used by Splunk) or CQL (CrowdStrike Query language)
• Ability to create threat intelligence reports based on available threat intel
• Ability to perform static and dynamic analysis of possible malicious files
• Ability to perform Vulnerability analysis and risk assessment Should have strong log analytical skills
• Should be able to demonstrate good incident response skills in case of critical security incidents
• Moderate understanding of Windows and Linux operating systems, as well as command line tools
• Strong verbal as well as written communication skills
• Basic understanding of malware analysis
• Year of Experience: 6+ years (Security Operations + Threat Hunting - [Minimum 2 years should be in threat hunting])
• Tools - CrowdStrike, Splunk, Logscale Humio Certification: COMPTIA Security+, CEH
• Programing language - Python (Good to have)
• Qualification: Bachelor of Engineering in any stream