Threat Hunting Researcher, Unit 42 MTH (MSIAM)

About The Position

Requirements

• Understanding the threat landscape, including attack tools, tactics, and techniques, as well as networking and security fundamentals.
• Experience investigating targeted, sophisticated, or hidden threats in both endpoints and networks.
• 3+ years of relevant experience with a proven track record in cybersecurity research, specializing in either APTs or cybercrime, but with the ability to address the broader threat landscape.
• Background in forensic analysis and incident response tools (both Dynamic and Static, such as IDA Pro, Ollydbg, and Wireshark) to identify threats and assess the extent and scope of compromises.
• Understanding of APT operations, including attack vectors, propagation, data exfiltration, lateral movement, persistence mechanisms, and more.
• Familiarity with organizational cybersecurity measures, including protective tools and remediation techniques.
• Excellent written and oral communication skills in English.
• Strong attention to detail.
• Knowledge of advanced threat hunting methodologies and the ability to develop novel techniques.
• Ability to simplify and clarify complex ideas.
• Experience in writing technical blog posts and analysis reports.
• Ability to analyze and understand the infrastructure of malicious campaigns.
• Self-starter who can work independently and adapt to changing priorities.

Nice To Haves

• Experience in an Incident Response environment is a plus.
• Proficiency in Python and SQL is beneficial.
• Familiarity with reverse engineering is advantageous.

Responsibilities

• Perform threat hunting activities on any data source.
• Deal with the latest cybersecurity research projects and attacks.
• Build hypotheses, execute manual hunting techniques, gather and analyze results, perform forensic activities, and deliver reports.
• Develop, create, and execute new hunting hypothesis methodologies to uncover threats, understand their root causes, and attribute them.
• Leverage big data to discover threats and multiple threat intelligence.

Benefits

• Compensation offered will depend on qualifications, experience, and work location.
• The offered compensation may also include restricted stock units and a bonus.
• A description of our employee benefits may be found here.