Position Description :
The Global Security Operations Center (GSOC) Threat Hunting & Detection Content Engineering Analyst contribute to strengthening our security posture on multiple facets by developing and maintaining advanced threat detection content and conducting proactive threat hunting activities. This person plays a critical role in proactively identifying and neutralizing threats, thereby reducing risk, enhancing incident response capabilities and ensuring security threats can be identified and translated into high fidelity & actionable alerts for security investigation.
Your future duties and responsibilities :
The Threat Hunting & Detection Content Analyst is responsible for the following activities :
Threat Hunting
- Research tactics, techniques and procedures (TTPs) to plan threat hunting execution
- Participate in the planning and execution of our threat hunting program
- Perform research and development augmenting our capabilities
- Perform proactive threat identification & hunting activities and follow up based on the result
- Ad-hoc Incident support
Security Detection Content Engineering
Participate in the planning and execution of our security detection content engineering programTranslate intelligence and incident response report into actionable detection capabilitiesDevelop new and novel detection mechanisms, behavioral detection use cases, IOCs, etc.Perform research and development augmenting our capabilities.Identify new and emerging trends in threat actors' TTPsAd-hoc Incident supportThreat Hunting & Detection Content Service Management
Assist in producing operational report for effectiveness of the detection content & threat hunting servicePlan and deliver initiatives to streamline the services operationsAssist to manage the service operationsEstablish and improve workflow, procedure, guideline for the services and automate the processes to optimize the teams’ operationsAutomation and Integration
Initiate automation idea and deliver with Automation team to improve the operation efficiency and the quality of the detection content and threat hunting services.Plan and deliver integration between different technologies platforms to improve our detection content and threat hunting services.Other Responsibilities
Participate in innovation projects including the building, deployment and evaluation of new technologiesParticipate in technology evaluation in collaboration with other stakeholders.Provide advanced threat awareness and education to members of the teamRequired qualifications to be successful in this role :
The candidate should be able to demonstrate a thorough understanding of cyber security especially in threat hunting, security detection content engineering, digital forensic, incident response and threat intelligence areas. The candidate must possess an in-depth knowledge of modern threats, threat actors’ TTPs, threat hunting and detection content tools / platforms and methodologies.
Education and Experience :
5+ years of cyber security operations experience and at least 2+ years hands-on experience in threat hunting and security detection content engineering.Bachelor’s degree in computer engineering, Computer Science, Information Technology, Cyber Security, or related field; advanced degree preferred.Qualifications :
Proficient in using threat hunting tools such as Endpoint Detection and Response (EDR) & Log Analysis Platforms (SIEM)General Knowledge of security tools such as TIP, NGFW, Sandbox, SASE, SIEM, EDR, WAF etcExperience with scripting and programming languages (e.g., Python, Bash, etc.) for automation and analysisKnowledge of various standard detection content format (Sigma, YARA, Snort Rule etc)Knowledge of cyber security principles, practices, technologies, and standardsStrong knowledge of current threat, vulnerabilities and threat actors TTPsStrong understanding of cybersecurity frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain)Knowledge of Windows, Linux and Mac Operating systemStrong knowledge of threat hunting, detection content and preferably also Incident Response, digital forensics and Threat IntelligenceProficient in spoken and written EnglishCertifications :
eCTHP, GCFA, GREM, OSCP, CISSP or other reputable, technical and defensive / offensive focused certification are preferredCGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level, geographic market, experience and training, and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $60,–$,. This role is an existing vacancy.
#LI-KM1
Skills :
Cyber Security Consulting