28 Nov
Cyber Hunt Analyst
Vacancy expired!
Description

The Cyber Hunt Analyst is responsible for supporting the customer in cyber-threat hunting and associated investigations. The role also involves hands-on investigations that require critical thinking and a broad understanding of multiple technologies. The incumbent will support the development of presentations and reports to document findings, and will need good communication and interpersonal skills to convey findings tactfully at the technical proficiency level of the audience. This is an opportunity for a team player to enhance a world-class team and learn new skills.

Requirements
- Conduct traffic collection, passive/active hunt activities and analysis for threat/intrusion detection as a member of a technical team
- Must have a thorough knowledge beyond common network ports and protocols
- Research, identify and document adversary models for actors that could have an interest in, or target, the supported organization/site (e.g. possible intelligence sources: MITRE ATT&CK/CAR, Sqrrl, ODNI and commercial/local/criminal/open-source intelligence (OSINT))
- Assist in analysis tool development, configuration, implementation and use
- Strategically place, configure and manage sensor technology
- Advanced knowledge of traffic and packet analysis using tools such as Wireshark, tcpdump, Splunk, ELK, Bro, RSA and others
- Intermediate knowledge of common forensics techniques, frameworks, tools and capabilities (e.g. EnCase, Volatility, Forensic Toolkit (FTK))
- Develop or follow existing data analytic techniques for correlation of advanced threat TTPs and indicators of compromise
- Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
- Actively hunt for threats and indicators of compromise, and assist in investigations of cyber security incidents
- Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
- Be able to present, demonstrate, explain and document operational impact for intrusions or system compromise
- Develop proof-of-concept examples and scenarios for reports and live demonstrations
- Create/document tactics, techniques and procedures (TTPs) to train and expand/share knowledge with customers and team members