Cyber Threat Investigator

2 weeks ago


Bengaluru, Karnataka, India · Mashreq · Full time

Description :


Manage security event monitoring and incident response using SIEM platforms, with preference for Azure Sentinel and ArcSight. Analyze and respond to security events from diverse sources such as firewalls, IDS/IPS, antivirus solutions, DAM systems, web servers, proxies, and banking applications. Develop and maintain alert rules and logic within SIEM to ensure accurate detection of security events. Assist senior personnel in managing complex security incidents and improving incident response times.


Job Purpose :


Administration:

Responsible for threat hunting: proactively identifying and mitigating advanced threats within the organization's network.

This role involves working closely with the security operations team to enhance the organization's cybersecurity posture by proactively identifying and mitigating advanced threats.


Key Result Areas :

  • Proactive Threat Hunting: Conduct proactive threat hunting activities across network, endpoint, and cloud environments to identify and isolate advanced threats that may bypass traditional security measures, searching for indicators of compromise (IOCs), advanced persistent threats (APTs), and other hidden adversary activity.
  • Utilize advanced analytical techniques such as behavioral analysis, anomaly detection, and machine learning to identify emerging threats and patterns.
  • Leverage threat intelligence (both internal and external) to correlate and enhance hunting activities and adapt to new attack tactics, techniques, and procedures (TTPs).
  • Develop and apply hunting frameworks and methodologies to continuously improve detection capabilities. This includes leveraging frameworks like MITRE ATT&CK for understanding adversary tactics and behaviors.
  • Data Analysis: Analyze large datasets, network traffic, and user behavior to detect anomalies and potential security breaches.
  • Hypothesis Development: Develop and test hypotheses about potential malicious activities within the organization’s environment.
  • Incident Response: Collaborate with the incident response team to investigate and respond to identified threats.
  • Threat Intelligence Integration: Utilize threat intelligence to inform and enhance threat hunting activities.
  • Reporting and Documentation: Document findings, create detailed reports, and communicate results to stakeholders.
  • Continuous Improvement: Stay updated with the latest threat landscapes, attack techniques, and security technologies to continuously improve threat hunting methodologies.

Key Principles :


  • Alignment with Business Priorities: Provide strategic direction and oversight of the threat-hunting process, ensuring alignment with organizational goals and objectives.
  • Ownership and Accountability: The threat hunting manager takes full responsibility for activities, holding self and team accountable for their outcomes.
  • Driving Threat Hunting Maturity Enhancement: This role proactively drives initiatives that enhance incident response and a resilient cyber posture.
  • Focus on Outputs and Impact: Focus on delivering outputs that create meaningful impact, such as an enhanced security culture and protection posture of the bank.
  • Innovation and Automation: Continuously seek innovative solutions and automated processes for efficiency.
  • Continuous Learning and Improvement: Committed to learning from experiences and continuously improving processes and outcomes.


Key skills :

Essential knowledge

  • 10+ years of experience in the information security domain, including at least 4-6 years of dedicated threat-hunting experience.
  • Proficiency in using threat intel platforms such as CybelAngel, ThreatConnect, Recorded Future, DarkTrace etc.
  • Proficiency in using SIEM and SOAR solutions.
  • Strong understanding of network protocols and security technologies.
  • Strong understanding of endpoint detection and response (EDR) tools.
  • Excellent analytical and problem-solving skills.
  • Preferably worked in the BFSI domain with proven experience in a SOC function.
  • Knowledge of key security standards and regulations such as NIST 800-61, CERT/CC, ISO 27035, etc.


Skills and Application

  • Maintain up-to-date knowledge of the security landscape, threats, attack patterns and countermeasures.
  • Assess and design threat-hunting processes through solutions, tools and methodologies.
  • Review use cases and playbooks for integrating threat intel.
  • Continuously monitor security hygiene and performance using tools and processes.
  • Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience.


Other

  • Knowledge of evolving advanced tech stacks and related control and risk universe from a threat-hunting perspective.
  • The ideal candidate will have a technical or computer science degree.
  • Professional certifications: GCIH, CISSP, CEH, etc.
