IT - Systems Integration
Oct 22, 2020
The Threat Hunting Analyst shall have knowledge of, and experience in: threat hunting methodologies, malware analysis, threat intelligence, cyber observables and indicators of compromise (IoC) along with security incident handling. Should be able to perform advanced analysis of adversary tradecraft, malicious code, and related capabilities. Provides cyber threat intelligence analysis for briefing and reporting. Serves as the expert who shall be responsible for providing cyber threat and intelligence technical support to assigned customers. The Threat Hunting Analyst is also required to provide technical support to monitor, correlate, identify, analyze, mitigate, manage, track and support processes for all security incidents.
- Analyze and identify cyber threat activity based on their known techniques, tactics, procedures (MITRE ATT&CK Framework).
- Good understanding of the MITRE ATT&CK Framework, cyber observables, and indicators of compromise (IoC).
- Analysis of host-based and network-based security alerts, responding to potential threats and vulnerabilities.
- Perform investigation of intrusion attempts and in-depth analysis of indicators of compromise (IoC) from several log sources.
- Perform initial triage on security events populated in the Security Information and Event Management (SIEM) system.
- Support in the development of advanced SIEM rules and alerts to detect adversary techniques, tactics, and procedures.
- Analyze a variety of network and endpoint-based security appliance logs (Firewalls, EDR, IDS, Syslogs, etc) to determine the correct remediation actions and escalation procedures.
- Coach and support Junior Threat Hunters to improve Difenda’s identification, analysis, and breach detection.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
- Create a final incident report detailing the events of the incident.
- Support the development of processes and procedures to improve monitoring, analysis, detection, incident response times, and overall C3 operations.
- Intrusion detection, Threat hunting and Continuous Monitoring.
- Networking Security fundamentals.
- Security technology (Firewalls, IDS/IPS etc.)
- SIEM (Splunk or Elastic).
- Knowledge of Vulnerability Assessment and Penetration testing.
- Scripting skills (e.g., PowerShell, Python, shell scripting).
- Bachelor’s degree or higher, preferably in Information Systems, Computer Science, Engineering, or other related majors
- At least 3-5 years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.).
- Experience with intrusion detection and threat hunting
- Experience with EDR Technologies.
- Expertise in Malware Analysis (Intermediate level).
Certifications (nice to have):
- EC-Council (CND, CEH, ECSA)
- eLearn Security (THP, IHRP, REP, MAP, DFP)
- SANS GIAC Certified (GCIA, GCIH, GMON, GREM, GDAT, etc).
- Offensive Security (OSCP, OSCE, OSWE).
- Certified Computer Security Incident Handler (CSIH).
- Suitable to obtain Canadian Federal Government SECRET clearance, or the ability to obtain a clearance.