Performs threat hunting within the clients technology environments to uncover indicators of threat activities.
Support SIEM use case management process
Supports the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. SaaS logs, Kubernetes and Firewall logs, etc.).
Supports the identification and documentation of Indicators of Compromise (IoCs).
Leverages internal and external resources to research threats, vulnerabilities and intelligence on various threat actors and exploitation tools and platforms.
Use an analytics platform to identify threats in the available information repositories.
Perform threat research to identify potential threat vectors and work with multi-disciplines to improve prevention and detection methods.
Identify gaps in an organisation's measurement metrics, telemetry and logging capabilities and propose enhancement strategies to achieve the intended outcomes.
Requirements
Regularly keeping up with infosec affairs, threat landscapes and exposed to well-known threat actors
Preferred Self starter and independent with minimal supervision is required
Exposed to mid/large scale of IR
Able to install own mini Lab from scratch if needed
Ability to demonstrate flexibility, initiative and innovation in dealing with ambiguous, fast-paced situations.
Ability to show proficiency in one or more regional languages and dialects.
Possession of excellent presentation and briefing skills.
Possession of excellent oral and written communication skills.
Professional certifications, including EnCE, GCIH, GCFE, GCFA, GREM, GNFA, GASF, GCTI, CISSP, or other SANS certifications.
