Mandatory Skills
Required any one of the certification.
GIAC Continuous Monitoring Certification (GMON),
GIAC Information Assurance Certified Intrusion Analyst (GCIA),
Information Assurance Certified Incident HandlerGIAC (GCIH)
• Proactively 'hunt' for potential malicious activity and incidents across the environment using advanced threat network and host-based tools adopting Mitre Attack Framework.
• Perform hunting for malicious activity across the network, endpoint, and Critical Assets.
• Create hunting hypothesis and perform IOCs & TTPs based threat hunting and share reports with the management weekly on the findings, misconfiguration, use case development and provide suggestions for counter measurement.
• Expertise in hunting, managing, and writing detections using logs from Endpoint Detect and Response solutions like Carbon Black EDR, CrowdStrike EDR & Cortex XDR etc.
• Research on different TTP's for ATP Threat groups which are used by attackers during the sophisticated Cyber-attacks.
• Collaborates with technical and threat intelligence team to provide indications and warnings and contributes to predictive analysis of malicious activity.
• Perform cyber security threat hunting & detection activities with specific focus on countermeasure Tactics, Techniques and Procedures (TTPs)
• Contribute to the tuning and development of security information and event monitoring systems (SIEM) use cases and other security control configurations to enhance threat detection capabilities.
• Familiarity with threat modelling, development of attack plans, performing manual & automated Ethical Hacking, & develop proof of concept exploits.
• Evaluates new security technologies and products and performs engineer-level work and analysis to determine if solutions should be pursued.
Additional Details:
• It’s a client serving role – there will be KPIs and SLAs expected on role service tasks.
