Threat Operations Hunter

Opportunity with a US based Insurance Company based out in Bangalore for Cyber Security Lead - THREAT HUNTER Role .

Job Description:
An experienced Threat Operations Hunter performs intelligence-driven network defense supporting the monitoring and incident response capabilities. The role involves analysis of large amounts of data from vendors and internal sources, including various indicator feeds, Splunk, and several threat hunting tools, etc. Threat Hunters perform the functions of threat operations and hunting and serve as the liaison for Threat Intelligence in the Security Operations Center, and mentor the incident handling, incident response, and forensics teams.
Job Location : Bangalore
Yrs of experience : 5 - 9 years
Job Responsibilities
• Enhancing the Security Operations and Threat Intelligence workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
• Assist in identifying (hunting) and profiling threat actors and TTPs.
• Custom tool design to assist in analysis and investigation. (Related experience in programming, database, system administration, etc.)
• Implementing integration/orchestration of existing security infrastructure and indicators.
• Design and run custom analysis models on (centralized) security event information to discover active threats, including collaboration on the development of use cases when appropriate.
• Perform as an Information Security SME in the following areas:
o Threat Hunting
o Incident Response
o Log analysis (statistical modeling, correlation, pattern recognition, etc.)
o Microsoft platform (Server, workstation, applications)
o Open Systems platforms (Linux, UNIX, VM Ware ESX)
o Web Application
o Networking (firewalls, IDS/IPS, packet capture)
o Databases (Oracle, SQL Server, DB2, IMS)
o …and others.
• Providing mentorship and support to teammates with regard to Threat Intel collection , communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
• Capable of identifying need & driving solutions, and providing guidance, in an autonomous manner.
Primary Skills:
• Degree and/or certifications in Engineering, Computers Science, or related field
• 3+ years overall technical experience in either Threat Hunting, incident response, security operations, or related information security field.
• 2+ years experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
• 3+ years experience in penetration testing, ethical hacking, exploit writing, and vulnerability management
• Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc
• User behavior analytics ,Threat Modeling, Network & EDR Hunting, Hunt through MITRE Framework ,Hunt through Threat Intelligence, Hunt VIA Brand Intelligence Services, Blind Hunt analogy, Hunt Pivoting, Hunt by orchestration
• Strong and recent experience with malware analysis and reverse engineering.
• Advanced experience with security operations tools, including but not limited to:
o SIEM (e.g. Splunk, Arc Sight)
o Indicator management (e.g. ThreatConnect)
o Link/relationship analysis (e.g. Maltego, IBM i2 Analyst Notebook)
o Signature development/management (e.g. Snort rules, Yara rules)
• Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
• Excellent analytical and problem solving skills, a passion for research and puzzle-solving.
• Expert understanding of large, complex corporate network environments.
• Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations.
• Good organization and documentation skills
• Leadership and mentorship skills
Experience
• 3+ years overall technical experience in either threat hunting, incident response, security operations, or related information security field.
• 2+ years experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
• 3+ years experience in penetration testing, ethical hacking, exploit writing, and vulnerability management
At least hobbyist experience in “maker”/hardware hacking, e.g. Raspberry Pi, Arduino, etc.
Experience with incident response workflow (or other case management “ticketing”) tools such as RSA Archer, ServiceNow, Remedy, JIRA, Resilient, Best Practical Request Tracker, etc.
Obtained certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications
Scripting experience related to system administration and security operations (Python, Bash, PowerShell, Perl, C/C++)
Shift Timing:
Mon-Fri
1 - 9.30PM