- Experience producing actionable threat intelligence on targeted and advanced persistent threats enabling network and host defences in external organizations with demonstrable impact
- Expertise tracking APT adversaries leveraging the Diamond Model to identify and characterize various TTPs, capabilities, infrastructure, and operational campaigns
- Experience performing actor tracking/investigation/threat intelligence/SOC work
- A good understanding of how the internet works, that is, relevant network protocols (HTTP, TLS, TCP/IP, UDP, DNS, etc.) and OAuth
Familiarity with at least one of the following:
- (1) cloud intrusion analysis in adversary operations;
- (2) Analysing sophisticated malware samples used in targeted attacks against large corporate or government entities;
- (3) Analysing host forensic and log data associated with advanced targeted adversaries
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.