CSIRT: Cyber Threat Hunter Analyst: Manager

Location: Bangalore
Specialization: Security,
Industry NA
Reference: 32267

This position is with our client, who is among the big 5 brand. 

Job Role:

CSIRT: Cyber Threat Hunter Analyst: Manager

Location : Bangalore

Experience - Atleast 8 years.

·       Position Brief : The Cyber Threat Hunting Analyst is responsible developing advanced queries, reports and correlations to hunt for threats in the environment.  The Analyst should have extensive knowledge in intrusion techniques and threat actor Tactics, Techniques and Procedures (TTPs).

The Analyst conducts extensive threat research based on OSINT, 3rd party breaches, potential attacks, vulnerabilities, exploits and different attack vectors to provide input to new security monitoring threat use cases and the need to support advancing threats, with new projects, initiatives and technologies.  The Analyst helps map security use cases to threat actor TTPs and the MITRE ATT&K Framework.

·        The analyst will also play a role in response security incidents in varying stages of the incident response process, but serves as an escalation point for incidents that require advanced analytics.

·       The Analyst also collects threat intelligence and incorporates the intelligence into security toolsets in support of security monitoring.  The Analyst is also responsible for periodic threat intelligence reports on the threat landscape and potential impact to the organization.

 

Skill Matrix:

Skill Mandatory

·         Splunk Enterprise Security (SPL, advanced queries, reporting, dashboards)

·         Develop advanced queries, reports and correlations in the response to security incidents to validate the activity, trace adversary action and determine true root cause.

·         Develop new security use cases as needed to support new technologies

·         Develop Splunk dashboards and reports correlating data from different log sources in support of security monitoring and incident response             

·         Experience using cloud security monitoring tools such as Azure Sentinel, Azure Security Center, AWS Guard Duty, Google Security Command Center