Principal Cyber Threat Hunter
Location: Remote, CA, United States
Date Posted: Nov 23, 2021
Securonix provides a next-generation Security Information and Event Management (SIEM) solution. As a recognized leader in the SIEM industry, Securonix helps some of the largest organizations globally detect sophisticated cyberattacks and respond to them within minutes. With the Securonix SNYPR platform, organizations can collect billions of events each day and analyze them in near real time to detect advanced threats, insider threats, privileged account misuse and online fraud.
Securonix pioneered the User and Entity Behavior Analytics (UEBA) market and holds patents on the use of behavioral algorithms to detect malicious activity. The Securonix SNYPR platform is built on big data Hadoop technologies and scales horizontally. Our platform is used by some of the largest organizations in the financial, healthcare, pharmaceutical, manufacturing, and federal sectors.
The Securonix Threat Labs team is looking for an experienced Cyber Threat Hunter to join our team. Our elite team of cyber hunters identifies and defeats advanced threat groups and complex insider threats, and analyzes activity patterns to profile adversary groups in order to protect and defend the most coveted intelligence targets in the world. Our hunters spend each day identifying evidence of threat actor activity and working with our Threat Researchers, Detection Engineers and expert Data Scientists, along with top security teams across the globe, to continually improve our detection capabilities and security controls.
You will use your knowledge of adversary playbooks to identify anomalies, develop hunt hypotheses based on real-world cyber threat intelligence, analyze the associated data sets, and leverage the Securonix Autonomous Threat Sweep engine in the process. The Autonomous Threat Sweep engine automatically and retroactively hunts for new and emerging threats in both current and long-term historical data, based on the latest threat intelligence, so that an indicator published today is also checked against events recorded months ago. You will hunt for adversary behavior and, based on your findings, collaborate with the operational and technical teams within Securonix Threat Labs to develop the logic that operationalizes future detections and analytics, identifying malicious behavior accurately while maintaining a low false positive rate.
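The retroactive sweep described above, reduced to its core, is a matcher that runs a threat-intel feed over historical events and reports where and when each indicator first appeared. The following is an added example written for this page, not Securonix code and not the SNYPR engine; the indicator feed, the hostnames and the key=value log lines are all constructed (the IPs are from the RFC 5737 documentation range and the hash is a made-up value). It shows the details a hunter actually has to get right: case-insensitive hashes, subdomain matches on domain indicators, CIDR matches on IP indicators, and a first-seen timestamp per host to scope dwell time.

```python
"""Retroactive IOC sweep over historical logs (added example; constructed data)."""
from dataclasses import dataclass
from datetime import datetime
import ipaddress

# Constructed threat-intel feed: (indicator type, value, campaign label). Hypothetical values.
IOC_FEED = [
    ("domain", "update-cdn.example.net", "Campaign-A"),
    ("ipv4", "203.0.113.0/24", "Campaign-A"),
    ("sha256", "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b", "Campaign-B"),
]

# Constructed historical log lines: "TIMESTAMP key=value ...". Hosts and events are hypothetical.
HISTORICAL_LOGS = """\
2021-09-14T03:12:07Z host=ws-042 event=dns query=UPDATE-CDN.example.net.
2021-09-14T03:12:09Z host=ws-042 event=netconn dst=203.0.113.45 dport=443
2021-10-02T11:45:00Z host=srv-07 event=process sha256=3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B image=svc.exe
2021-10-03T08:00:00Z host=ws-011 event=dns query=login.microsoftonline.com
2021-11-20T22:15:33Z host=ws-042 event=netconn dst=198.51.100.7 dport=80
"""


@dataclass(frozen=True)
class Hit:
    ts: datetime
    host: str
    field: str
    value: str
    indicator: str
    label: str


def parse_line(line):
    """Split 'TIMESTAMP k=v k=v ...' into (datetime, fields). Returns None for malformed lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = {}
    for tok in parts[1:]:
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields[k] = v
    return ts, fields


def _norm_domain(d):
    # Lower-case and drop the trailing dot that DNS logs often carry.
    return d.lower().rstrip(".")


class IocMatcher:
    """Indexes the feed so hashes and domains are looked up by dict, CIDRs by containment."""

    def __init__(self, feed):
        self.domains, self.hashes, self.nets = {}, {}, []
        for kind, value, label in feed:
            if kind == "domain":
                self.domains[_norm_domain(value)] = (value, label)
            elif kind == "sha256":
                self.hashes[value.lower()] = (value, label)
            elif kind == "ipv4":
                self.nets.append((ipaddress.ip_network(value, strict=False), value, label))

    def match(self, field, value):
        """Return (indicator, label) if the field value matches an IOC of the right type."""
        if field == "query":
            labels = _norm_domain(value).split(".")
            # Exact match or any parent domain: foo.update-cdn.example.net also hits.
            for i in range(len(labels)):
                meta = self.domains.get(".".join(labels[i:]))
                if meta:
                    return meta
        elif field in ("dst", "src"):
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                return None
            for net, ioc, label in self.nets:
                if ip in net:
                    return (ioc, label)
        elif field == "sha256":
            return self.hashes.get(value.lower())
        return None


def sweep(log_text, feed):
    """Run every indicator in the feed over every historical event; return all hits."""
    matcher = IocMatcher(feed)
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, fields = parsed
        for field, value in fields.items():
            meta = matcher.match(field, value)
            if meta:
                hits.append(Hit(ts, fields.get("host", "?"), field, value, meta[0], meta[1]))
    return hits


def first_seen_by_host(hits):
    """Earliest matching event per host: the anchor for scoping dwell time during response."""
    first = {}
    for h in hits:
        if h.host not in first or h.ts < first[h.host]:
            first[h.host] = h.ts
    return first


if __name__ == "__main__":
    found = sweep(HISTORICAL_LOGS, IOC_FEED)
    for h in sorted(found, key=lambda h: h.ts):
        print(f"{h.ts:%Y-%m-%dT%H:%M:%SZ} {h.host} {h.field}={h.value} -> {h.indicator} [{h.label}]")
    for host, ts in first_seen_by_host(found).items():
        print(f"first seen on {host}: {ts:%Y-%m-%dT%H:%M:%SZ}")
```

On the constructed data the sweep returns three hits (two on ws-042 for Campaign-A, one on srv-07 for Campaign-B) and ignores the benign DNS query and the connection to an address outside the listed CIDR. In a real hunt the feed would carry a published-on date, and the gap between first-seen and publication is exactly the window the retroactive pass exists to close.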
Responsibilities include, but are not limited to:
- Build and apply threat intelligence to detect, respond to, and defeat advanced threats
- Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
- Attribute activity to intrusion campaigns, threat actors, and nation-state organizations
- Perform advanced threat research to proactively identify potential threat vectors and work with engineering and security teams to improve prevention and detection methods
- Manage, share, and receive intelligence on adversary groups
- Expand upon existing hunting libraries to build profiles of adversary groups
- Leverage intelligence to better defend against and respond to future intrusions
- Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the enterprise
- Create and add custom signatures to mitigate highly dynamic threats to the enterprise, using the latest threat information obtained from multiple sources
- Develop and produce reports on all activities and incidents to maintain day-to-day status, identify and report on trends, and provide focus and situational awareness on all issues
- Maintain memberships and establish intelligence-sharing relationships with appropriate sources within the threat intelligence community
- Author, update, and maintain a library and relevant documentation of reusable hunt tactics and techniques for the extended team delivering threat services
- Maintain knowledge of the current security threat level by monitoring related Internet postings, intelligence reports, and other related documents as necessary
Qualifications:
- Minimum of 3 years of progressively responsible experience in cyber threat hunting, incident response, or related experience
- Expertise in network, host, and cloud-based security, attack techniques, analysis, and investigation
- Expert understanding of at least one of the following: Windows Active Directory, or cloud infrastructure such as AWS, Azure or GCP
- Hands-on experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices
- Demonstrated experience planning and executing threat hunt missions
- Ability to take initiative and prioritize tasks
- Expertise with operation of both Windows and Linux based systems
- Excellent at writing complex searches and analytics for popular SIEM solutions
- Deep understanding of a variety of logs coming from cloud, network or endpoint devices
- Expert level understanding of advanced attacks and defense techniques
- Experience with triaging various disparate anomalies to detect meaningful threat scenarios
- Understanding of the current cyber threat landscape, the different tactics commonly used by adversaries, and how you would investigate, contain and recover from their attacks
- Proficiency with scripting languages such as Python, Bash or PowerShell is not mandatory but a plus
- Experience with dynamic malware analysis is not mandatory but a plus
- Experienced in network traffic analysis and perimeter device log analysis
- Experience creating or leveraging high-fidelity intelligence and threat detection content using YARA, Sigma, or proprietary tools is not mandatory but preferred
- Excellent interpersonal, organizational, writing, communication, and briefing skills
- Exceptional analytical and problem solving skills
- Certifications such as OSCP, eCPPT, GREM, GPEN or PNPT are not mandatory but preferred
Familiarity with the following classes of enterprise technologies:
- Endpoint tools like Sysmon, PowerShell, CrowdStrike, Carbon Black or similar
- Network devices such as next-generation firewalls and DNS tools
- Web/email gateway security technologies
- MITRE ATT&CK, the Diamond Model, or the Lockheed Martin Cyber Kill Chain
- Cyber network operations/penetration test methodologies and tools like Metasploit, Kali Linux, Cobalt Strike, Atomic Red Team, etc.