Lead Analyst - Hunt Team

In this role, you will collaborate and utilize problem solving skills as you work among a team of skilled analysts to address complex problems and add value to the organization and our customers. The team is looking for a highly motivated individual with a passion for research and uncovering cybersecurity threats and threat actors. 

We are on a mission to protect and defend our customers, enable better risk-informed business decisions, and drive innovation and excellence within Cyber Security. Come be a part of a growing team that is doing important, challenging, and fulfilling work in support of that mission.

‍

‍

‍

• The Lead Analyst – Hunt Team provides incident detection and response services for our CyberDNA managed NSM service.
• Organize and lead proactive threat-based investigations to identify anomalous activity indicative of active compromise, previous compromise, misconfigurations, or other notable observations to support the protection of our customers’ environments
• Create, update, and maintain detection methodology and provide expert support (including off hours) to analyze and triage potential incidents.
• Take work outputs from hunts and investigations and guide customers to take necessary action(s) in order to successfully remediate identified issues.
• Research new cyber threats, actors, and technologies that impact our customers and industry.
• Maintain awareness within the threat intelligence community of vulnerabilities being exploited and provide comprehensive assessments on the impact to our environment.
• Translate threat intelligence into detection and hunting strategies, hypotheses, and queries.
• Utilize tools and advanced techniques to hunt and identify threats and actor groups and their motives, techniques, tools, and methods.
• Identify anomalous behavior on the network or endpoint devices of our customers and be able to provide an assessment of threat actor, malware, and other behaviors.
• Provide one-on-one mentoring to peers and junior analysts; serve as subject matter expert (SME) and escalation point for rest of the team.
• Develop and administer formal and ad-hoc team training courses.
• Periodically write and present assessment reports to peers, management, and/or customers.
• Find the bad guys and generally have fun (and satisfaction) kicking them out of places they shouldn’t be!

‍

‍

‍

• Bachelor’s degree in computer science, information security or equivalent practical work experience.
• 7+ years of hands-on experience responding to cyber-attacks with prior experience in security operations, incident response, cyber threat intelligence, and malware analysis.
• Thorough understanding of intermediate to advanced security and network concepts (OSI model, TCP/IP networking stack, firewalls, IDS/IPS, other networking technologies, etc.).
• Excellent technical knowledge of operating systems(e.g., Windows, macOS, Linux/Unix) and a wide range of security technologies(e.g., network security appliances, vulnerability scanners, anti-malware solutions, SIEM tools, advanced threat protection systems, and automated policy compliance and desktop security tools).
• Familiarity with technologies such as VPN, Active Directory, virtualization platforms, and databases.
• Detailed working knowledge of network monitoring, system log analysis, troubleshooting, and configuration control technologies.
• Strong understanding of industry security best practices and standards.
• Ability to work in a fast-paced, operational, and team-oriented environment (including non-standard work hours in response to Information Security incidents).
• Ability to demonstrate analytical mindset, close attention to detail, excellent critical thinking, logic, and adaptive learning (while balancing speed and thoroughness).
• Ability to navigate ambiguity and develop working business relationships.
• Superior knowledge of common attack methods and their detection techniques.
• Experience providing managed NSM services to multiple customers is a plus.
• Understanding of malware analysis and ability to perform basic static and dynamic analysis.
• Consumption, analysis, and production of tactical threat intelligence.
• Hands-on experience with firewalls, routers, and other security appliances.
• Familiarity with security instrumentation and incident response in cloud environments.
• Experience with McAfee Endpoint Security or other Endpoint Security tools (e.g., Crowdstrike, Cylance, Tanium, Carbon Black)
• Professional certification in cyber/information security (GCIA, GCIH, GCFA, CISSP, etc.)

‍

‍