• Identify and investigate intrusions to determine the cause and extent of the breach, leveraging threat intelligence sources.
• Identify threat actor groups (APTs) and their techniques, tools, and processes.
• Participate in hunt missions using threat intelligence and analysis of anomalous log data and anomalous sessions to detect and eradicate threat actors.
• Develop threat hunting dashboards and reports to identify potential threats, suspicious/anomalous activity, and malware.
• Identify malicious or anomalous activity based on event data from network flows, EDR, and other sources.
• Perform deep live analysis by correlating data from various sources.
• Provide expert analytic and investigative support for critical Incident Response security incidents.
• Maintain proficiency with security standards, tools, and practices.
• Responsible for producing comprehensive and accurate oral and written reports and presentations for both technical and executive audiences.
• Communicate and interface with clients, both technically and strategically, from the executive level to client stakeholders and legal counsel.
• Responsible for escalation support to client Incident Response teams on critical security events.
• Strong background within Incident Response & Threat Hunting including IOC (Indicators of Compromise) & TTP (Tactics, Techniques & Procedures)
• Strong background in forensics, data collection and log triage
• Strong knowledge of TCP/IP, cryptographic protocols and algorithms, and operating system (macOS/Linux/Windows) internals and operation.
• Understanding of common attack vectors: DDoS attacks, phishing, web attacks, and malware.
• Experience in performing malware analysis
• SANS GIAC (GCFA, GCIH) – Mandatory
• SANS GIAC (GREM, GCFE), OSCP – Not mandatory
D. Education / Qualifications:
• Any relevant bachelor's degree in computer science or a related technology field.
• 3+ years of experience in threat hunting and incident response.