Cyber Threat Hunt & Intelligence Detection and Capabilities Lead

About The Position

Requirements

• 8+ years of experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence
• Direct experience developing detections for threats within cyber security tools
• Direct experience developing automations within security orchestration and automation platforms
• Experience analyzing system, network, and application logging for attack techniques at all stages of the cyber kill chain.
• Direct experience working with very large datasets and log analysis tools including but not limited to: Splunk, Python, Pandas, SQL, Hadoop, Hue.
• Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
• Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution
• Familiarity with offensive security strategies and assessment methodology
• Experience explaining threat hunt objectives in plain English and able to communicate associated risk.
• Ability to see the larger picture when dealing with competing requirements and needs from across the organization in order to build consensus and drive results.
• Ability to navigate and work effectively across a complex, geographically dispersed organization.
• Experience with more than one or more enterprise scale EDR and SIEM tools.
• Previous experience performing digital forensics or indecent response on major security incidents.
• Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals.

Nice To Haves

• Knowledge of basic Data Science concepts and processes.
• Experience with offensive security tools such as Cobalt Strike/Metasploit, techniques such as OSINT, and the methods used to compromise large enterprise networks.
• Experience performing security analysis and threat hunting in Cloud environments such as Azure, M365, AWS

Responsibilities

• manage detection content to production
• develop bespoke capabilities and automations
• collaborating with data science, threat research, and cyber defense control teams to identify opportunities to develop analytical methods to detect advanced threat actors who utilize emerging tactics and techniques
• developing and documenting the detection lifecycle from content creation, triage methodology and transfer to the respective production operations team
• actively share knowledge and mentor more junior members of the threat hunt and intel teams
• gain insight into critical security controls and architectural specifics to develop valuable hunt strategies and analytics that identify malicious behavior accurately while maintaining a low false positive rate
• advises on and reviews product assessments, policy adjustments, and architectural transformations that impact the global corporation
• thought leader in the design of cutting-edge detective, preventative, and proactive controls