Cyber Threat Investigator

Position : Threat Hunter

Location : Hyderabad and Pune

Notice : Immediate to 30 days

Exp: 4 to 11 years

Job Description:

• Ready to work 24X7 shift environment.

• Research new detection techniques to prevent/mitigate abusive activities such as outbound security attacks, botnet, DDoS, Cobalt Strike, Ransomware, and other malicious behaviors.

• Hunts badness proactively and responds to sophisticated abuse events.

• Help assemble abuse response processes and playbooks and develop anomaly detection modules and stay up to date with attacker methodologies and TTPs.

• Capable in identifying Behavioral based Indicators of Compromise (BIOC).

• Writing detection logic (traps), focused at identifying suspicious behaviors that may, or may not, be detected by native AV’s.

• Map all the SIEM use-cases with MITRE framework to understand the risk posture from APT attacks perspective.

• Ability to determine false positives.

• Understanding of various attack methods, vulnerabilities, exploits, malware.

• Recognize and codify attacker techniques, tactics, and procedures with a view to creating indicators of compromise (IOCs) that can be applied to current and future investigations.

• Create and maintain run books for hunting and investigating key threats.

• Identify compromised and affected machines.

• Validating effort reports, preparing RCA’s and postmortem reports as per the requirement.

• Track team metrics in a detailed and timely manner; proactively monitoring SLA’s.

Qualifications:

• Undergraduate degree in computer science, engineering, information science, or a related technical discipline

• Demonstrated relevant experience as a key member of a threat hunter, threat intel, incident response, malware analysis, or similar role.

• Strong knowledge of malware families, network attack vectors, botnets, threats by sector, and various attack campaigns and attacker methods, tools/techniques/practices.

• Strong knowledge of Windows system internals.

• Knowledge of Linux and MAC log analysis would be an added advantage.

• Strong knowledge of web applications and APIs

• Expert understanding of concepts such as MITTRE Framework and Cyber Kill chain

• Strong knowledge of Threat Intelligence, Penetration Testing, etc.

• Strong Knowledge of coding experience in at least one of the following: Powershell Scripting, Kusto Query Language, Bash, Python and JavaScript.

• Relevant Technical Security Certifications such as CEH, CHFI, OSCP or CISSP a plus.