Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

Armis Threat Hunter/Threat Intel Analyst 
Canada 
189375220

21.09.2024
Responsibilities:
  • Configure tools and detect patterns/outliers within client environments matching tactics, techniques or procedures (TTPs) of known threat actors, malware or other unusual or suspicious behaviors.
  • Conduct cyber hunts in support of identifying emerging threats on behalf of multiple clients, often operating as a lead investigator.
  • Provide investigative support of large scale and complex security incidents across multiple clients and support their SOC team through the investigation, recommendations, response, and post mortem efforts.
  • Create detailed Incident Reports and contribute to lessons learned in collaboration with client teams.
  • Monitor multiple client environments and investigate & report on emerging threats.
  • Contribute to executive summary reports and help deliver reported findings and recommendations to client audiences.
  • Develop & document technical risk reduction recommendations in relation to findings and overall trends.
  • Support client and internal reporting & dashboarding customization efforts within the Armis platform, as required.
  • Work with internal teams on orchestration & tool based enablement and optimization of team processes supporting overall service delivery.
  • Partnering with internal Threat Research on TTPS
  • Contribute to the documentation of simple and reusable hunt tactics and techniques for the extended and shifting team delivering threat services.
  • Help identify, provide design input, and prioritize product feature requests in support of Armis threat hunting capabilities both from the perspective of the internal service and over-arching consuming organizations.
  • Establish & maintain client-specific cyber hunt & monitoring playbooks.
  • Operate as subject matter expert (SME) point of contact for clients during business hours.
Qualifications:
  • Bachelor’s Degree in Cybersecurity related field preferred
  • 2-3 years of Cybersecurity experience
  • 1+ years experience with Python with Git
  • 1+ threat intelligence and MISP experience is preferable
  • 1+ years experience in any automation technology i.e. Torq, Scripting
  • Experience with securing and hardening IT infrastructure.
  • Experience with threat feed research; collect, prioritize, organize and application.
  • Experience with the threat hunting complete life cycle; developing hunt hypothesis, analyzing and processing intelligence, find trigger, investigation, response and recommendations
  • Advanced knowledge of log analysis, PCAP analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior.
  • Demonstrated or advanced experience with computer networking and operating systems.
  • Experience with operational security, including security operations center (SOC), incident response, evidence assessments, malware analysis, or IDS and IPS analysis.
  • Knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
  • Knowledge of TTPs involved in current APT threats and exploits involving various operating systems, applications and protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix.
  • Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers.
  • Ability to both support partner meetings and projects.
  • Experience applying machine learning to cybersecurity problems is a plus.