Threat Hunter

Israel, Threat Hunting

Description

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

CyberProof is seeking a Threat Hunter who will be part of our growing managed services group, which monitors, investigates, and resolves security incidents, violations, and suspicious activities. 

Expectations from this role:

• Proactively drive hunting and analysis against the available dataset to look for indicators of security breaches

• Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack techniques, to form hunting workflows and mitigation steps

• Design and implement data mining techniques to extract meaningful insights from large data sets

• Collaborate with the incident response team to develop EDR-based detection and response workflows

• Perform analysis on data sets from various sources including, network, endpoint, and cloud environments

• Develop and maintain an understanding of the latest cybersecurity technologies, trends and threats

• Participate in the development of reports and dashboards that provide insights into the cybersecurity posture of the client

• Collaborate with cross-functional teams to develop and implement new tools and techniques to enhance cybersecurity analytics

Typical performance measures:

• Managing customer records from several perspectives: routine meetings and engagements with customer stakeholders, identifying security issues in the environment, scheduling and managing hunting activities across a calendar, preparing and executing hunting activities, creating timely reports, etc.

• Collaborate with other teams to identify research initiatives

• Conduct deep technical research on security breaches

Performance Areas:

• Operating under “Hunter’s state of mind” to be proactive and leverage data into hunting workflows

• Manage customer records to set hunting activities on a scheduled basis

• Innovate new processes and workflows to deploy proactivity in all aspects to address complex threats and risks

Requirements

  • Proven experience of 5+ years in cyber threat hunting or incident response, including strong skills in forensics and investigation of network, endpoint and cloud logs
  • Deep and proven knowledge and understanding of attacks and compromise footprints
  • Deep and proven knowledge of baseline operating system internals, network communications and user behavior
  • Critical thinking, problem-solving skills and innovative way of thinking
  • Action-oriented and have a proactive approach to solving issues
  • Excellent written and verbal communication skills
  • Excellent organization, time management, and attention to detail
  • Ability to work with security applications such as data lake, SIEM and EDR
  • Ability to use forensic tools and analysis methods to detail nearly every malicious action
  • Ability to conduct endpoint security and Windows artifact analysis: Registry hives, Event Log files, File system analysis, etc.
  • Ability to conduct network security and understand TCP/IP component layers and distinguish normal from abnormal network traffic
  • Ability to conduct cloud security (Cloud Storage File and Metadata Examinations)
  • Ability to do malware analysis using sandbox to identify and analyze suspicious artifacts in sandbox reports
  • Ability to continuously learn new technology and stay updated on cyber threats

Knowledge Examples:

  • Strong knowledge of Threat Hunting
  • Must have a deep understanding of attacker methodologies, computer intrusion activities, incident response techniques, tools, and procedures
  • Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP)
  • Experience working with large and complex data sets from various sources, including network, endpoint, and cloud environments
  • Knowledge of operating systems essentials including Linux/Unix and Windows
  • Strong knowledge of Python programming and preferably experience with Jupyter Notebooks
  • Knowledge of data science techniques, including statistical modeling, machine learning algorithms, and predictive analytics
  • Excellent analytical and problem-solving skills
  • Strong communication and collaboration skills with the ability to work effectively in a team environment
  • Self-starter with the ability to work independently and prioritize tasks
  • Experience with cloud-based data storage and analytics platforms is a plus
  • Experience with security assessment tools such as NMAP, Netcat, Nessus, and Metasploit is a plus.
  • Red teaming knowledge preferred but not essential
  • Familiar with Ethical hacking
  • Familiar with Threat intelligence

Certifications which may be valuable:

  • Cisco Certified Network Associate (CCNA)
  • Certified Ethical Hacker (CEH)
  • Certified Computer Examiner (CCE)
  • GIAC Certified Forensic Examiner (GCFE)
  • Certified Computer Forensics Examiner (CCFE)

I love the diversity of the challenges at CyberProof. Every client is faced with different issues, so no two environments are the same – even when they are targeted by the same threat actors. It’s always different… I also appreciate the culture and passion I find at CyberProof – as there are so many people here who are highly professional and experienced, and are respected by their peers throughout the industry!

– Rob Forde, Services Definition Manager