Working for a global System Integrator (SI). The end goal of Threat Hunting is to reduce the length of time a threat actor is present in the bank's IT infrastructure before being detected. This is achieved by taking a proactive approach to cyber defence instead of a reactive one. Proactive means building new detection capabilities to detect the Tactics, Techniques and Procedures (TTPs) of threat actors targeting the financial industry, before incidents occur.
Threat Hunting is an iterative approach to discovering, identifying and understanding attackers targeting the IT infrastructure of the client. The method of Threat Hunting consists of analyzing data to find attacks that have evaded or can evade existing security defences. You will be working in an international expert team of nearly 60 people, with whom you share knowledge, skills and experiences. You will maintain relationships with a variety of stakeholders inside and outside the organization. The team responsible for threat hunting consists of 4 members, who are highly experienced in performing the analysis. You will work closely with the other teams within the Cyber Defence Centre.
- A driven professional with a wide variety of knowledge and experience in IT in general and cyber security in particular
- The ability to think both like an attacker and a defender to translate attacker behaviours and techniques into hunting hypotheses.
- Able to select and use the right tools and techniques necessary for investigating hypotheses.
- Have a creative mind-set.
- Have excellent analytic skills and love solving complex challenges.
- Good general knowledge of IT networks and operating systems.
- Excellent technical understanding of attacker tactics and techniques such as: lateral movement, privilege escalation, malware persistence, command obfuscation, etc.
- Constantly keeps knowledge of attacker techniques and behaviours up to date with the latest developments. Should also be able to transfer knowledge to others.
- Experience with writing code in well-known languages such as Python, for example to write custom tools and analyze data.
- Has experience in multiple Digital Forensics & Incident Response (DFIR) fields: incident response, endpoint forensics, network forensics, malware analysis, memory forensics. Uses this experience to identify suspicious behaviour.
- Is critical and supportive of others' work and their own. Has a drive to always improve.
- Is able to perform complex assignments, alone or as part of a team.
- Excellent verbal and written communication skills.
- Familiar with the financial services industry.
- Bachelor's or Master's degree in IT/Security preferred.
- OSCP, GXPN, GCFA, GREM, GCFE, GCIA or equivalent certifications.
- 5+ years' working experience in an IT function.
- 3+ years' working experience in an IT security function.
- Contract or Permanent