Cyber Threat Hunter

The role of a Security Operations Analyst involves overseeing the day-to-day monitoring and analysis of security threats. This includes managing security incidents, reviewing security alerts for compliance, and collaborating with senior analysts to address known or suspected security threats.

• Identify, assess, and contain threats to enterprise systems, infrastructure, and business applications.
• Manage and support log collection, security scanning, intrusion detection, content filtering, and other security-related systems.
• Review and triage security alerts, provide analysis, determine remediation, and escalate as appropriate.
• Provide support for log management and SIEM solutions.
• Investigate improper access, revoke access, report violations, and monitor information requests to ensure authorized access.
• Detect and respond to malicious behavior on public cloud, workstations, server environments, and distributed networks.
• Optimize threat detection and alerting for DLP, email protection, EDR and threat hunting, cloud/workload security products, IDS/IPS, firewalls, and other security technologies.
• Proactively hunt for threats within complex and distributed networks.
• Write, update, and maintain detection signatures, tune systems/tools, and develop automation scripts and correlation rules.
• Maintain knowledge of adversary TTPs and threat intelligence to implement detection and mitigation strategies.
• Conduct forensic analysis and engage with third-party resources as required.

• A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.
• Industry-recognized certifications are a plus (e.g., CISSP, CISM, CEH, CompTIA Security+, SANS).
• Experience in forensics, malware analysis, threat intelligence.
• Ability to understand, modify and create threat detection rules within a SIEM.
• Understanding of log collection and aggregation techniques (ELK stack, syslog-NG, Windows Event Forwarding, etc.).
• Knowledge of Windows and Linux operating systems.
• Experience with scripting languages (Python, Perl, PowerShell, or equivalent).
• Experience with MITRE ATT&CK framework tactics and techniques.
• Experience with network forensics and related toolsets and analysis techniques.
• Experience with host-based detection and prevention solutions.
• Ability to reverse engineer malware is a plus.
• Ability to correlate data from multiple sources to identify cyber threats and vulnerabilities.
• Ability to deploy countermeasures or mitigations under pressure.
• Experience with incident response and incident management procedures.
• Build collaborative relationships to facilitate work goals.
• Experience with PCI-DSS, ISO-27001, and/or SOC II is a plus.
• Experience aligning security controls with NIST 800-53 and CIS is a plus.
• Project management skills are a plus.
• Experience with technologies such as SentinelOne, Tanium, Google Chronicle SIEM, Cloudflare security, ModSec, Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, VirusTotal, SiteLock, Monarx, NGNIX.
• Experience with native cloud security services (AWS, Google, Azure, Oracle) is a plus.

• A comprehensive employee assistance program with free, confidential counseling for employees and immediate family members.
• Free domain benefits and WordPress blog sponsorship.
• Opportunities for professional growth through virtual learning and development programs.
• Participation in Expert Speak sessions and e-learning to grow professionally and personally.
• Collaborative and innovative teams.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Software Development