This job listing has expired and the position may no longer be open for hire.

Cyber Security Analyst / Threat Hunter - W2 Contract at NTT Data, Inc

Posted in Other 30+ days ago.

Type: Full Time
Location: Harrisburg, Pennsylvania

Job Description:

Description

Title: Cybersecurity Analyst / Threat Hunter
Location: Remote
Duration: 9+ Months
Restrictions: W2 Applicants ONLY

Summary
Threat Hunter

Responsibilities:
The ideal candidate will be a member of the Cybersecurity Incident and Response Team (CSIRT) organization, with responsibility for helping to design, build, and deliver major components of the threat hunting strategy. The role is part of a cross-functional team with deep knowledge of security processes and procedures, and of process analytics, in order to pursue and prove or disprove hypotheses related to malicious activity.

- During major incidents, the candidate will be involved in the IR process to help with incident investigation, performing forensic activities and using structured methodologies to respond to threats.

- Use a holistic approach to analyze threats based on internal threat intelligence reports and/or open-source articles and reports on new security threats, including but not limited to:
  - Deriving actionable indicators (IOCs and TTPs)
  - Defining threat hunting hypotheses based on the derived indicators
  - Defining threat hunting content for detection and/or monitoring solutions (EDR: RSA ECAT, CarbonBlack; SIEM: Splunk)

- Define testing scenarios for hunting and/or detection content before pushing it into preproduction:
  - Simulate true positives and normal activity (for false-positive whitelisting purposes)
  - Retro-hunt based on the indicators related to a threat actor

- Maintain and develop the existing custom threat hunting automation system, and propose and develop any automation mechanism that can increase process efficiency:
  - Use a scripting language (e.g. PowerShell, Python) to automate hunting for threats
  - Develop new components that can be integrated with existing custom and/or COTS solutions used within CSIRT
  - Monitor the results of the automated hunts and develop hunting reports

- Create and/or work incidents and/or investigations for suspicious findings and/or true positives found during hunting activities:
  - True positives, being hunting results for a specific threat, will be analyzed and worked by the threat hunting analyst, and the results disseminated to the relevant and/or other involved CSIRT teams

- Create reports based on the findings of threat hunting activities:
  - Executive reports to be included in periodic threat team reporting, and/or technical reports to be included in the IR reporting of the related incident/investigation

- Analyze the hits and statistics of detection-only threat hunting content, create accuracy and efficiency reports, and propose new content to be transitioned into alerts for the IR teams, using an Agile methodology for the entire process.

- During incident investigations, the analyst will actively participate in the incident response process, executing forensic investigation activities:
  - Analyze computer data, network traffic, e-mail activity, integrity and logs
  - Work with forensic tools to image hard drives, uncover files, and present them in a format suitable for legal purposes
  - Properly document legal hold and other e-discovery activities

- During incident investigations, the analyst will act as an escalation point for the IR team, helping to analyze the collected data and evidence and enriching the reports with hunting results based on the related IOCs and TTPs.

- As part of the edge defense team, the analyst will handle alerts and escalations related to, but not limited to, the Akamai Web Application Firewall (WAF) & Bot Management and Arbor anti-DDoS solutions:
  - Respond to escalations from other business teams (Sales, Website Support, Development, etc.)
  - Create, update and maintain application-specific content (custom rules and alerts)

Requirements:
- 3+ years of experience
- Bachelor's degree in Information Systems or a related field, or relevant experience
- Knowledge and understanding of Tactics, Techniques and Procedures (TTPs) as a means of profiling a given threat actor
- Problem-solving skills, with the ability to assess and derive threat hunting hypotheses
- Knowledge of networking, infrastructure and application security fundamentals, concepts and frameworks

The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.
