The Principal Threat Hunter is an integral part of our services organization providing expert knowledge in security best practices, security controls and advanced analysis to our customers. Knowledge in infrastructure, network principals, security standards, practices and controls as well as adversarial tactics and techniques are key components for success in this role. This team member will apply their wealth of knowledge and experience to identify and investigate potential emerging threats, enable our clients to effectively respond to these threats and provide recommendations using risk based methodology This team member will assist in overall strategy, foster a collaborative team environment, and provide mentoring to junior associates.
- Detect and help configure tools to detect patterns/outliers within client environments that match tactics, techniques or procedures (TTPs) of known threat actors, malware or other unusual or suspicious behaviors.
- Conduct cyber hunts in support of identifying emerging threats on behalf of multiple clients, often operating as a lead investigator.
- Provide expert analytic investigative support of large scale and complex security incidents across multiple clients and supporting their SOC team through the investigation, response, and post mortem efforts.
- Create detailed Incident Reports and contribute to lessons learned in collaboration with client teams.
- Monitor multiple client environments and investigate & report on emerging threats.
- Contribute to executive summary reports and help deliver reported findings and recommendations to client audiences.
- Develop & document technical risk reduction recommendations in relation to findings and overall trends.
- Suggest and maintain client policies within the Armis platform in support of monitoring and alerting use cases, focused on optimizing threat hunting service efficacy, and the client’s overall security posture improvement.
- Support client and internal reporting & dashboarding customization efforts within the Armis platform, as required.
- Work with internal teams on orchestration & tool based enablement and optimization of team processes supporting overall service delivery.
- Partnering with internal Threat Research, conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations in order to identify IOCs.
- Contribute to the documentation of simple and reusable hunt tactics and techniques for the extended and shifting team delivering threat services.
- Help identify, provide design input, and prioritize product feature requests in support of Armis threat hunting capabilities both from the perspective of the internal service and over-arching consuming organizations.
- Regularly engage with clients to help them truly mature and optimize their Armis deployments, primarily from a risk management and incident response perspective.
- Establish & maintain client-specific cyber hunt & monitoring playbooks.
- Operate as subject matter expert (SME) point of contact for clients during business hours.
- Bachelor’s Degree in Cybersecurity related field preferred
- 6 years of Cybersecurity experience
- Desired Certifications: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP Certification
- Experience with securing and hardening IT infrastructure
- Demonstrated or advanced experience with computer networking and operating systems.
- Experience with operational security, including security operations center (SOC), incident response, actioning threat intelligence, malware analysis, or IDS and IPS analysis.
- Knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
- Advanced knowledge of log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior.
- Knowledge of TTPs involved in current APT threats and exploits involving various operating systems, applications and protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix.
- Experience with network hunting, including Snort/Bro Logs, Netflow, PCAP, and firewall and proxy logs.
- Demonstrated ability to work in a team environment both in-person and remotely
- Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers, IT management and senior leaders.
- Ability to both support and lead client and partner facing meetings and projects.
- Software development and/or scripting experience is a plus: Python, Powershell, etc.
Let us know
Help us maintain the quality of jobs posted on RemoteTechJobs and let us know if:
Error on reporting
Rocky Mountain Institute