Cyber Threat Hunter

**Cyber Threat Hunter** **Do work that matters** The Cyber Security team protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk. **See yourself in our team** - The Threat Hunt Team leverages threat intelligence to run hunt missions that target adversarial activity in our systems. - We are an inclusive team that seeks diversity of backgrounds and voices, we pride ourselves in caring about people and developing honest and genuine relationships in the team, to foster support and strong foundations. - Your work will have a direct impact in ensuring we Defend a better Future for our customers and community. - You will help advance Cyber Defence Operations' mission by directly uplifting our ability to detect and respond to cyber-attacks in a timely manner. - You will be exploring the adversarial engagement space inside and outside our network, helping the team develop new tactics for the analysis and conceptualization of cyber threats. - You will be involved in Generative AI and Automation work to help us become a cutting edge threat hunt team that can tackle complex and difficult areas in a timely manner. - Through threat hunting efforts you will identify patterns of historical activity commensurate with attempted cyber-attacks and translate your findings to actionable insight, thus creating a better security outcome for the Group. - The Threat Hunt Team collaborates closely with Threat Intelligence, Incident Response, Detection Engineering, Cloud IR and other engineering teams to develop a "threat led" approach to hunt missions, focusing on areas of high impact and value to cyber operations. - Our team seeks to expand our understanding of threat actor capabilities by leveraging OSINT hunt efforts, mapping out attack paths and developing novel approaches to the implementation of MITRE ATT&CK as well as MITRE ENGAGE in our daily ops. **Your responsibilities** - Contribute to the development and execution of the Threat Hunting program’s mission, strategy, and concept of operations. - Develop hunting hypotheses and use-cases, using OSINT information and insight gathered by the Incident Response, Threat Intelligence, Detection Engineering, Red and Purple teams. - Develop threat hunting playbooks with contextually relevant information about the queries and other analytics uncovered during the hunt process. - Contribute to the identification or development of automation opportunities that aid in the simplification and integration of Threat Hunting processes. - Execute hunts, validate findings, develop threat hunting playbooks and clearly communicate identified control gaps and detected adversary activity to the appropriate teams. - Triage vulnerabilities and high risk threat actor activity identified by CBAs intelligence team, red-team, purple-team, verify their criticality, and feed the results back into the Threat Hunting prioritization process, to ensure CBA is protected against those threats. - Collate performance metrics to track hunt missions and drive continuous improvement of existing hunts, and make recommendations to close gaps identified in our security control systems. - Work in collaboration with other teams in Cyber Defence Operations with a proactive mindset in order to develop common ground and synergistic approaches that help uplift CBA's defensive stance. **What you will need to succeed** - You are someone that embraces diversity in the workplace and ensures kindness and respect are always a priority when engaging with your colleagues. - You develop and maintain a mentoring mindset, foster trust amongst your teammates and practice curiosity. - Demonstrable technical, hands-on experience investigating real world cyber attacks in various environments, both on premise and cloud. - Knowledge of two or more of these Domain Specific Languages: SQL, Kusto Query Language (KQL), Splunk Search Processing Language (SPL), Elasticsearch Query DSL, Kibana Query Language, GraphQL, Cypher Query Language (Neo4J) - A strong focus on making work metricated and visible. - Strong experience and knowledge of adversarial cyber frameworks (like MITRE ATT&CK), the forensic artefacts relevant in attack scenarios and how to obtain that evidence from the available technologies in CBA’s environment. - Understanding of Agile methodologies. **Desirable skill to help with success** - Exposure to DevOps principles. - Experience with at least one scripting language (Python preferred). - Experience developing (or contributing to the development) of automated detection logic. - Demonstrated experience working with Threat Intelligence methods, tools and approaches including OSINT techniques. - Experience with the analysis of large data sets at scale (with a focus on efficiency). - Knowledge of (security) architectures within large and complex environments. - Exposure to GenAI is an optional but very valuable plus. We're