
Security Engineer - Threat Hunting

5 - 8 years

14 - 22 Lacs

Posted: 20 hours ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

The Threat Hunting analyst performs a wide variety of security duties with a primary focus on threat-actor tactics, techniques, and procedures (TTPs). Managing multiple simultaneous threat hunts spanning several platforms and various TTPs is a key function of this role. Knowledge sharing and mentoring of team members is a critical and necessary skill. Must have the ability to operate under pressure and influence the team dynamic when responding to incidents, and should work to enhance and improve the team and its processes over time in a well-established manner.

Roles and responsibilities

  • Perform hypothesis-based threat hunts using the MITRE ATT&CK framework
  • Perform intel-based threat hunting
  • Conduct threat simulation exercises to test current security controls
  • Create Diamond Model analyses to model threat activity
  • Work directly with leadership to develop and improve existing internal processes
  • Develop new processes that add value to the threat hunting team
  • Provide proactive assistance to junior analysts to help them develop their skill set
  • Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language)
  • Create and use threat intel reports to conduct manual hunts across available data sources
  • Perform static and dynamic analysis of malicious files
  • Work proactively on critical security incidents
  • Perform vulnerability review and risk assessment
  • Core experience with CrowdStrike or Splunk
  • L3-level experience in investigating, recommending and taking decisions on security incident investigations; has worked with leadership
  • Manage end-to-end security incident investigation
  • Experience working with the MITRE ATT&CK framework
  • Knows the basics of vulnerability analysis and risk assessment
  • Manual hunting:
  • Actively search for threats that may not have been detected by automated security tools
  • Detect hidden or undisclosed threats using advanced techniques and tools
  • Develop hypotheses about potential threats based on threat intelligence and industry trends
  • Perform in-depth analysis of the network and systems to uncover IOCs and APT activity
  • Work closely with other cybersecurity teams to improve detection capabilities and share findings
  • Have a high level of scripting knowledge (e.g. Python, PowerShell) to automate threat hunting tasks
  • Deeply analyze the tactics, techniques, and procedures (TTPs) of the attacker
  • Advanced threat detection
  • Scripting and programming knowledge
  • Advanced PowerShell, Bash, and Cmd analysis
  • Threat intelligence, malware analysis, vulnerability analysis, cloud security, data analysis

Required skills

  • Ability to perform threat hunting using the MITRE ATT&CK framework
  • Ability to identify, detect and explain malicious activity occurring within environments with a high level of accuracy and confidence
  • Ability to develop advanced correlation rules for threat detection. Must have expertise in creating queries using SPL (Search Processing Language, used by Splunk) or CQL (CrowdStrike Query Language)
  • Ability to create threat intelligence reports based on available threat intel
  • Ability to perform static and dynamic analysis of possible malicious files
  • Ability to perform vulnerability analysis and risk assessment
  • Should have strong log analytical skills
  • Should be able to demonstrate good incident response skills in case of critical security incidents
  • Moderate understanding of Windows and Linux operating systems, as well as command line tools
  • Strong verbal as well as written communication skills
  • Basic understanding of malware analysis

Certification

  • GIAC / Offensive Security certifications preferred
  • CTHP (Certified Threat Hunting Professional): an advanced certification for threat hunters
  • C|TIA (Certified Threat Intelligence Analyst)
  • GIAC Certified Threat Intelligence (GCTI)

One of these is a must have.

KPMG Assurance and Consulting Services LLP