Cyber Threat Hunting Manager
A Global Multimedia client of mine is looking for an experienced Incident Response and Malware specialist to help build out and lead their Threat Hunting function, enhancing their proactive, intelligence-driven monitoring capability.
This is an excellent opportunity for an experienced CSIRT Lead with significant experience performing malware analysis and reverse engineering, and handling incidents from inception through to resolution, to take the already well-established Global SOC function to the next level and put their own stamp on a global organisation.
- Lead the threat hunting and attack path mapping programs
- Act as escalation point and technical lead during cyber security incident resolution, managing incidents through the full lifecycle
- Writing complex reports on security incidents and various threats, and reporting to senior management
- Managing and mentoring a team of security specialists
- Producing and collating research on the latest threats and malware, coordinating with the Security Tooling and GSOC Analysis teams, and assisting and advising on content creation to develop defensive methodologies
- Translating technical concepts into business risks for senior stakeholders, with the ability to influence to make sure objectives are met
Key Skills & Requirements:
- Identification of malware types, infection methods, and the provenance and objective of the malware, as well as the ability to extract IOCs and TTPs
- Malware reverse engineering using debuggers such as OllyDbg and IDA Pro (static and dynamic analysis) and sandboxing technologies such as Cuckoo
- Strong knowledge of DFIR toolsets (SIFT, Volatility, etc.), various attack vectors, and memory and file system analysis
- Complex incident report writing
- Comprehensive knowledge of Cyber Security Methodologies (Cyber Kill-Chain, NIST, MITRE ATT&CK Framework in particular)
- Strong knowledge of security architecture, security technology, technical security systems and security event management methodologies
- Experience utilising various security technologies and defences such as Snort, Bro, IDS monitoring, custom rule creation (YARA), Wireshark, tcpdump, NetFlow analysis, TCP/IP networking principles and firewalls
- Proven people management, mentoring and team development experience
- SANS Certification(s) desirable - GCIA, GCIH, GCFE, GREM
- Eligibility for SC Clearance is essential