The Threat Hunter will be responsible for participating in threat actor based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions. The focus of the Threat Hunter is to detect, disrupt and eradicate threat actors from enterprise networks. To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
ROLE & RESPONSIBILITIES
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Participate in “hunt missions” using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on customers’ networks.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Perform analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient operations
- Review alerts generated by detection infrastructure for false positives and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- Provide Tier 2 & Tier 3 support to vSOC analysts as needed
- Validate suspicious events and incidents by using open-source and proprietary intelligence sources
- Desired proficiency with Splunk, ServiceNow, and third-party intelligence tools
COMPENSATION & BENEFITS
$110,000 – $140,000 p/a (inc. annual bonus)
Full health, dental and vision insurance
401k plan & 50% company match
2-4 weeks paid vacation (depending on experience)