This is a Security Analyst position focused on identifying malicious activity on the client network.
This threat hunting role touches on multiple domains to include network forensics, host forensics, mobile forensics, and malware analysis.
A successful candidate will research and understand different TTPs used by cyber threat actors, then apply that knowledge to find malicious activity on or against the network.
Daily duties:
· Review Network, Host, and/or Mobile device logs for anomalous activity
· Research new TTPs to monitor for on the network
· Develop detection methodologies for such TTPs
· Perform deep dive research into technologies of interest
· Identify gaps in visibility and work to remediate them
· Identify and recommend process creation and improvements
Required: Knowledge of the following security tools and concepts:
· Familiarity with cloud best practices and logging
· Knowledge of computer networking
· In-depth knowledge of Windows OS
· Working knowledge of packet analysis tools (such as Wireshark)
· Working knowledge of log correlation utilities
· Ability to identify malicious activity in emails, documents, and on webpages
· Substantial experience with and knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels
Desired Skills:
· Experience with Yara, PowerShell, and/or cloud-based infrastructure (O365, Azure)
· Experience with Splunk or other security information and event management (SIEM) tools.
· Experience with one or more programming languages, preferably at least one high level and one low level language. Examples include Python, Java, C, and x86 ASM.
· Experience analyzing iOS file systems
Feel free to contact Rob Soligan: [log in to unmask] or 571-435-6943 concerning this position.