

Job Description
A Threat Hunter is a highly skilled member of ATCP Security Crisis and Incident Response (CIR) Team, entrusted with the crucial responsibility of proactively identifying and mitigating security threats within an organization's network and systems. They employ a combination of manual and automated techniques to detect, analyze, and investigate potential security incidents that may have evaded traditional security controls.
As part of their role, a Threat Hunter excels in the following types of Threat Hunting in the client's environment:
- Threat Intelligence Driven: Leveraging threat intelligence feeds and external sources, they actively search for indicators of compromise (IoCs) and emerging threat patterns to detect and neutralize potential security risks.
- Security Incident Driven: They swiftly respond to security incidents, conducting thorough investigations to understand the extent of the compromise, its impact, and the underlying root causes. This enables them to develop effective mitigation strategies.
- Hypothesis Driven: Utilizing their expertise and knowledge of attack vectors, they formulate hypotheses about potential threats and then systematically gather and analyze evidence to confirm or refute those hypotheses, ensuring a comprehensive Threat Hunting approach.
- Compromise Assessment via Threat Hunting: Through continuous monitoring and proactive hunting, they assess the environment for signs of compromise, identify any ongoing breaches, and initiate the appropriate response actions.
In addition to their primary Threat Hunting duties, the Threat Hunter takes on the following key responsibilities:
- In-depth Investigations: They conduct detailed investigations into potential security incidents, employing advanced techniques to determine the nature and extent of the threat. This includes analyzing logs, network traffic, system artifacts, and other relevant data sources.
- Collaboration and Coordination: They coordinate and collaborate with various stakeholders, including incident response teams, IT personnel, and management, to address high-priority and high-severity findings. Effective communication and teamwork are essential for successful threat mitigation.
- Comprehensive Reporting: They prepare comprehensive reports that document investigation details, findings, and recommended remediation steps. These reports provide valuable insights to stakeholders and aid in the development of proactive security measures.
Job Qualifications:
- Proficient in Threat Hunting Methodologies: Possess a deep understanding of various Threat Hunting techniques, including manual log analysis, behavioral analytics, data correlation, and anomaly detection
- Strong Incident Response Knowledge: Well-versed in incident response processes and procedures
- Capable of conducting thorough investigations, analyzing collected data, and determining the scope, impact, and root cause of security incidents
- Skilled at collaborating with incident response teams to provide timely remediation recommendations
- Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework, including its various tactics, techniques, and procedures (TTPs)
- Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls
- Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems and network infrastructures
- Skilled at analyzing digital evidence, performing memory, disk, and network forensics, and extracting relevant artifacts to understand the nature of the security incident
- Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques
- Able to analyze malware samples to understand their functionalities, persistence mechanisms, and potential impact on systems
- Strong Understanding of Networking, Operating Systems, and Security Fundamentals
- Possess a solid foundation in networking protocols, operating systems (Windows and Linux), and core security concepts
- Understand how different components interact within an IT environment and their potential security implications
- Knowledge of Various Security Technologies: Well-versed in different security technologies such as SIEM (Security Information and Event Management), endpoint security solutions, network security devices, and email security systems
- Familiar with their functionalities, deployment, and monitoring practices
- Certification is a Plus: Possess relevant certifications in the field of cybersecurity, such as SANS GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), or other industry-recognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.
Additional Information:
- Should have a minimum of 3 years of experience in Threat Hunting
- Must be amenable to work a day/mid-shift schedule at the Cubao Site, with a hybrid work setup
Job ID: 141677713