
Cyber Threat Hunter

Cyrten
Full-time
Remote
United States
$95k - $155k USD yearly
Other

Cyber Threat Hunter

Location: Remote (must live within a 2 hours' drive of NYC)
Type: Permanent / Direct Hire
Salary: $95k to $155k, depending on experience

The Threat Hunter will provide in-depth investigative analysis using multiple data sources, audit logs, and monitoring tools. Additionally, the Threat Hunter will work closely with our Technology Engineers, Architects, and Threat Analysts to serve customers.

Responsibilities: 

  • 100% remote; ideally located within 2 hours of the NYC metro area for the rare need to inspect the data center

  • Perform security monitoring and incident response activities across the networks, leveraging various tools and techniques. 

  • Detect incidents through proactive “hunting” across security-relevant data sets. 

  • Thoroughly document incident response analysis activities 

  • Develop new, repeatable methods for finding malicious activity across the networks 

  • Provide recommendations to enhance detection and protection capabilities 

  • Regularly present technical topics to technical and non-technical audiences 

  • Develop and follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security incidents 

  • Prioritize multiple high-priority tasks and formulate responses/recommendations to customers and team members in a fast-paced environment 

  • Continually develop new technical skills and push overall team capabilities forward 

  • Work with other teams on major engineering and architecture initiatives 

  • Apply an up-to-date understanding of attack methodologies, malware analysis, and malicious toolkits, and of how those manifest within various security technologies

  • Understand advanced adversary emulation concepts

  • Design advanced use cases for insider threat, operational monitoring, threat detection, and response

  • Review defensive and detective controls to reduce the client attack surface

Skills:

  • 5+ years of operational experience assessing, reviewing, and remediating infrastructure vulnerabilities, CVEs, and risks. 

  • Knowledge of third-party software vulnerabilities, security threat landscape, especially network and server threats 

  • Knowledge of cyber security threats and risks, vendor computing environments, basic systems, and network technologies. 

  • Experience with and understanding of CVEs and CVSS scores

  • Knowledge of compensating controls and mitigating factors. 

  • Knowledge of Information Security frameworks, guidelines, and standard methodologies. 

  • Knowledge of the Windows and / or Linux operating systems 

  • Knowledge and understanding of Cybersecurity controls and logging and monitoring tools. 

  • Strong problem-solving and analytical skills 

  • Ability to work on multiple projects through prioritization and a results-oriented approach

  • Good team player with the flexibility that support operations require

  • Be well versed in the cyber threat landscape; have an advanced understanding and knowledge of what tactics and techniques are being used by adversaries; have an advanced understanding and knowledge of what security controls and/or telemetry data is available to detect these tactics and techniques; and be familiar with cyber security incident response terminology, processes, and techniques. 

  • Moderate to complex investigations (multiple tools), including endpoint, UEBA, public cloud, SaaS, and packet analysis

  • Security use case design recommendations for threat detection 

  • Threat response activities such as quarantining hosts and other common response playbook activities

  • Proactive threat hunting using multiple client tools 

  • Application of threat intelligence to improve detection and response capabilities 

  • Experience with offensive security tools and attack techniques 

  • Competence with one or more programming/query languages; experience with Python, PowerShell, and SQL

  • Extensive experience with the MITRE ATT&CK framework and its tactics and techniques

  • Extensive alert triage and endpoint investigations using technologies such as EDR 

  • Phishing analysis 

  • Malware analysis (does not include reverse engineering) 

  • Provide recommendations on the tuning of security detection platforms and use cases to improve the accuracy of detection 

  • Experience working with large data sets and tools/technologies like Spark, PySpark, Pandas, Hadoop, Cloudera, and Databricks. 

  • Knowledge of AWS, Azure, and GCP cloud service technology 

  • Knowledge of metrics and reporting with the use of data visualization tools such as Tableau 

  • Ability to interact effectively with all levels of personnel

  • Excellent verbal and written communication skills 

Please Note:
Must be a US Citizen or Permanent Resident (GC) or GC EAD holder due to Federal Requirements
No 3rd Party Vendors
No 3rd Party Submittals
No Sponsorship available