Threat Hunting Analyst

Employer Active

1 Vacancy
The job posting is outdated and position may be filled

Job Location

Mons - Belgium

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Req ID : 1839639

Threat Hunting Analyst


  • Working Location: Mons, Belgium
  • Security Clearance: NATO Secret
  • Language: High proficiency level in English language



EXPERIENCE AND EDUCATION:


Essential Qualifications/Experience:

A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 4 years extensive and progressive expertise in the duties related to the function of the post.

Expert level in at least three of the following areas and a high level of experience in several of the other areas:

Cybersecurity threat hunting

MITRE ATT&CK Framework

Security Incidents Event Management products (SIEM) e.g. Splunk

Splunk Processing Language

Network Based Intrusion Detection Systems (NIDS) e.g. SourceFire, Palo Alto Network Threat Prevention

Host Based Intrusion Detection Systems (HIDS)

Sysmon

Full Packet Capture systems e.g. Niksun, RSA/NetWitness

Computer security tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)

Proficiency in Intrusion/Incident Detection and Handling

Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications


Desirable Qualifications/Experience:

Industry leading certification in the area of Cybersecurity such as GCFA, GCIA, GNFA

Knowledge and experience in Splunk Enterprise Security suite

A good understanding of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures

Knowledge and experience in threat hunting in a corporate/government-level environment

Strong knowledge of malware families and network attack vectors

Experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets

Ability to analyze attack vectors against a particular system to determine attack surface


DUTIES/ROLE:

Provide subject matter expertise supporting the end-to-end threat hunting process

Develop hypotheses to be used in a threat hunt

Create security tool content such as searches, reports and dashboards to facilitate threat hunting

Perform in-depth analysis of suspicious activity to deliver conclusions and recommendations

Review and develop logging configurations to enable a comprehensive threat hunting capability

Develop and document threat hunting procedures

Share the results of threat hunts via presentations and technical reports



Employment Type

Full Time

Company Industry

About Company

0-50 employees