Cyber Threat Hunter (SIEM)
Role: Cyber Threat Hunter - Remote
About the Role:
The Cyber Threat Hunter will run day-to-day proactive hunts for the company's customers. The focus will be on network forensics, incident response, developing remedial actions for compromised hosts, and helping build out detection and prevention capabilities for the company's SIEM. The role requires the ability to work independently as well as in a team environment. As a senior team member, you will be expected to act as a Subject Matter Expert (SME) and to lead projects that build tools and processes supporting proactive threat hunting.
- Competitive salary
- Full benefits for the employee and their family
- Learning stipend
- Remote (can work from an office if desired)
What candidates will do:
- Detect and respond to computer security incidents, and assist with the implementation of tools and technologies used for endpoint and network security.
- Create effective IDS/IPS rules to detect varied types of malicious activity.
- Analyze network and application traffic to identify both normal and anomalous behaviors.
- Provide expert in-depth knowledge of collecting, analyzing, and escalating security events; responding to computer security incidents; and/or collecting, analyzing, and disseminating cyber threat intelligence.
- Troubleshoot security monitoring tools and hunting technology to ensure they remain functional.
- Maintain a standalone, isolated malware analysis network.
- Use advanced threat intelligence techniques to identify cyber threats not detected by signature-based systems.
- Participate in Purple Team exercises, serving in all roles (Blue, Red, Purple).
- Use threat findings to recommend ways to optimize security monitoring tools.
Ideal Candidates Will Have:
- 2+ years of experience in a threat hunting role.
- Knowledge of programming and scripting languages (Python, Bash, or PowerShell).
- Demonstrated experience with critical tools used in network/host-based intrusion analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
- Experience in a security operations center or similar environment tracking threat actors and responding to incidents.
- Strong understanding of IDS signature building and tuning methods.
- Understanding of how to establish baseline behavior in common network protocol traffic such as SMTP, DNS, HTTP, and HTTPS, determine what is anomalous against that baseline, and identify attacker characteristics in it.
- Thorough understanding of cyber security operations, event monitoring, and SIEM tools (e.g., the ELK stack, Security Onion).
- Working knowledge of common penetration testing tools and techniques.
- Willingness to teach and mentor others on the team.
- Bonus: industry certifications such as GCIA, GCDA, GCED, GDAT, CND, CEH, or similar.