Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

IBM Threat Hunt - IBM CISO 
United States, Texas, Austin 
144839674

24.06.2024

Your Responsibilities:

  • Developing hunts, translating them into an iterative process, and deploy them in various toolsets including but not limited to EDRs and SIEMs.
  • Modeling attacks and threats to improve threat detection & mitigation
  • Conducting deep analysis of threats across the enterprise by taking into consideration threat actor tactics, techniques, and procedures (TTPs).
  • Developing attack detection & response playbooks, defining counter-measures and strategies to mitigate emerging threats.
  • Documenting and communicating findings to an array of audiences which includes both technical and executive teams.
  • Collaborating in a virtual team and interface with a multitude of stakeholders within or outside the IBM CISO.

Your Abilities & Skills:

  • Modeling threats and mapping them to industry leading frameworks
  • Developing threat hunts based on various intelligence inputs
  • Actively developing hypotheses for hunting
  • Performing both host and network-based investigations using various toolsets
  • Pivot off indicators within networks to identify the scope and breadth of attacks
  • Reviewing logs to identify evidence of past intrusions
  • Performing attack simulation testing where necessary
  • Communicate and coordinate with other security focals during an active incident

Your Knowledge:

  • Computer networking concepts and protocols, and network security methodologies
  • Cyber security threats, threat actors and their associated TTPs
  • Security controls, how they can be monitored, and thwarted
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and Privacy.
  • We believe you are a good fit for this role if you are someone that can analyze alerts, proactively hunt for malicious activity, and develop new detection methods. From a technical expertise perspective, you will succeed in this position if you have several years of experience in:
  • Understanding granular details about network flow, operating systems internals, and threat actor intentions.
  • Correlating anomalous behaviour, intelligence, and statistical outliers in the environment to hypothesis driven hunts.
  • Applying basic automation or scripting to new or existing processes


Preferred Technical and Professional Expertise

  • Strong understanding of TTPs
  • Experience with Endpoint Detection and Response (EDR) and SIEM tools with a focus in incident investigation and/or threat hunting