Job Description

Contribute to the design and execution of complex and unique hypothesis-based Cyber Threat Hunts, including hypothesis drafting and final documentation and closure.\xc2\xa7 Perform research and analysis of attacker techniques and emulate those attacks in controlled research environment.\xc2\xa7 Maintain current knowledge of attacker TTPs by actively consuming open and closed source threat intelligence.\xc2\xa7 Collaborate with the SOC and IR teams to investigate major incidents.\xc2\xa7 Provide counsel to Cyber Threat Hunt and Cyber Intelligence Leadership team regarding vendors, technologies, and special projects, and interact with suppliers to ensure appropriateness of Cyber Hunt and Detection tools and their configuration.\xc2\xa7 Interface with industry peers to acquire and share Cyber Hunt best-practices in the sector\xc2\xa7 Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products, and research\xc2\xa7 Conducts deep-level analysis of malware, including how it is developed, functions, and is employed\xc2\xa7 Author threat intelligence reports, driven by our security operations team\'s own incidents, analysis, and adversary engagements\xc2\xa7 Evolve monitoring operations by extracting data from threat intelligence and create new content, signatures, and understanding of adversary TTPs\xc2\xa7 Analyze event feeds and collected malware over long term to trend and correlate\xc2\xa7 Investigate impact to customers to determine whether new detections or compromise notifications are necessary\xc2\xa7 Capable of conducting threat research focused on nation state, criminal, or other malicious activities\xc2\xa7 Deep understanding of APT and actor landscape\xc2\xa7 Threat Hunter to identify insider threats or outside attackers and take appropriate\xc2\xa7 Hypothesis to eradicate such incidents in customer.\xc2\xa7 Proactively hunting for known adversaries by leveraging MITRE framework\xc2\xa7 Searching for hidden threats to prevent the attack from happening by the use behavioral\xc2\xa7 analysis to detect anomalies indicating a threat.\xc2\xa7 Assist the SOC Monitoring & IR team in analysis and resolution of Major incidents.\xc2\xa7 Leverage Threat Intelligence gathered to execute Threat Hunting campaigns. Following types of Threat Hunting campaigns will be executed.\xc2\xa7 Threat Indicator driven threat hunting.\xc2\xa7 Hypotheses driven threat hunting.\xc2\xa7 MITRE ATT & CK framework driven hunting campaigns\xc2\xa7 Escalate true positives to Incident status and assist in relevant incident response\xc2\xa7 Perform end-to-end threat hunting, developing, maturing and maintaining TTP or attack pattern detection techniques.\xc2\xa7 Perform the full threat hunting cycle, including recommendations for EDR detection rules.\xc2\xa7 Collaborate with IR team to recommend and mitigate the effects caused by an incident.\xc2\xa7 Perform technical cyber security investigations on security incidents, root cause analysis and deep dive analysis of malicious artifacts, analyze threat intelligence, identify TTP and attack patterns.\xc2\xa7 Help mature the Security Incident Response process to ensure it meets the needs of the global business and is adhered to.\xc2\xa7 Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.\xc2\xa7 Threat Analyst collects data types and sources of information. In addition to commonly collecting forms of threat data, i.e., malicious IPs and domains, vulnerability data such aso personally identifiable information, and information from news and social media sources.o Threat Analyst performs sorting, filtering, indexing on raw data. They also format and structure raw data.o Analyst takes the result of several tools, data sources and combines those data points on a per-host basis, performing, investigating, and analyzing data.o Intel feeds to all the stacks which requires priority attention to protect.Education QualificationEngineering graduate from Computer Science, IT, Telecommunication or a similar disciplinePost-Graduation: PGDIT, MCA, MBAKey Skills\xc3\xbc Certification like CISSP, CISA or CISM\xc3\xbc Ability to handle senior management escalation.\xc3\xbc Vendor management Skills\xc3\xbc Effective communication\xc3\xbc Proficient team leader\xc3\xbc Strategic skills\xc3\xbc Decision making and communication.\xc3\xbc Risk management skills\xc3\xbc Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry\xc3\xbc Technical working knowledge, understanding of SIEM technology, various other security technology.

RiverForest Connections