Cyber Threat Investigator
LTIMindtree | Pune, MH, IN | Posted 16 days ago
Description
Position: Threat Hunter
Location: Hyderabad and Pune
Notice: Immediate to 30 days
Experience: 4 to 11 years
Job Description:
• Ready to work in a 24x7 shift environment.
• Research new detection techniques to prevent or mitigate abusive activity such as outbound attacks, botnets, DDoS, Cobalt Strike, ransomware, and other malicious behavior.
• Proactively hunt for malicious activity and respond to sophisticated abuse events.
• Help assemble abuse response processes and playbooks, develop anomaly detection modules, and stay up to date with attacker methodologies and TTPs.
• Capable of identifying behavior-based Indicators of Compromise (BIOCs).
• Write detection logic (traps) focused on identifying suspicious behavior that may or may not be detected by native AVs.
• Map all SIEM use cases to the MITRE framework to understand the risk posture from an APT attack perspective.
• Ability to determine false positives.
• Understanding of various attack methods, vulnerabilities, exploits, and malware.
• Recognize and codify attacker tactics, techniques, and procedures with a view to creating indicators of compromise (IOCs) that can be applied to current and future investigations.
• Create and maintain runbooks for hunting and investigating key threats.
• Identify compromised and affected machines.
• Validate effort reports and prepare RCAs and postmortem reports as required.
• Track team metrics in a detailed and timely manner; proactively monitor SLAs.
Qualifications:
• Undergraduate degree in computer science, engineering, information science, or a related technical discipline.
• Demonstrated relevant experience as a key member of a threat hunting, threat intelligence, incident response, malware analysis, or similar team.
• Strong knowledge of malware families, network attack vectors, botnets, threats by sector, and various attack campaigns and attacker methods, tools, techniques, and practices.
• Strong knowledge of Windows system internals.
• Knowledge of Linux and macOS log analysis would be an added advantage.
• Strong knowledge of web applications and APIs.
• Expert understanding of concepts such as the MITRE ATT&CK framework and the Cyber Kill Chain.
• Strong knowledge of threat intelligence, penetration testing, etc.
• Strong coding experience in at least one of the following: PowerShell scripting, Kusto Query Language, Bash, Python, or JavaScript.
• Relevant technical security certifications such as CEH, CHFI, OSCP, or CISSP are a plus.