
Senior/Principal Threat Hunting Analyst

Premium Job From QinetiQ
Recruiter: QinetiQ
Listed on: 19th August 2020
Location: Malvern
Salary/Rate: Competitive
Salary Notes: Competitive
Type: Permanent
Start Date: ASAP


The role is to develop and lead the new Threat Hunting capability at the heart of the threat hunting service. This is part of a portfolio of cyber security services provided by our Enterprise Cyber business to internal and external clients.

The role includes: proactively searching for and detecting advanced persistent threats; developing and leading a team to do this, including training and coaching junior cyber analysts; and developing the maturity of QinetiQ's threat hunting capability (in the context of QinetiQ's wider cyber security capability) from Level 1 to Level 2 and beyond (ref. UK Government Threat Hunting Capability Maturity Model, "Detecting the Unknown: A Guide to Threat Hunting", v2.0, March 2019).

This is not a shift or night working role.

Key Accountabilities:
Proactively search and detect advanced persistent attacks underway on a system
Reverse engineer and analyse attacks (including malware) to understand their tools, methods and root causes
Create hypotheses and investigate using modern tools and techniques
Create use cases for detecting new threats, either as a result of research, collaboration (e.g. red/purple teaming), Threat Intelligence (TI), in response to incidents, or using your intuition
Engage in research projects regarding detection methods
Summarise findings in the form of blogs, reports or whitepapers, tailoring the technical content to suit the intended audience
Lead a team that does all of this in a complex organisational environment, drawing on expertise from other areas as required
Deliver effectively in an operational environment fully integrated with our other cyber security services, meeting targets and delivering to service level agreements
Develop the maturity of the Threat Hunting capability
Coach and train more junior cyber analysts to become capable threat hunting analysts

Apply data analytics to inform and enrich understanding

Key Capabilities/Knowledge:

Expertise in alert monitoring, incident response and technical forensics
Understanding of network and endpoint characteristics, and normal behaviour thereof
Understanding of threat intelligence and how to use it effectively
Appreciation and/or qualifications in cyber red teaming and security engineering
Detailed understanding of Tactics, Techniques and Procedures (TTPs) used by advanced Threat Actors
Detailed understanding of security technologies such as intrusion detection and prevention technologies, endpoint protection and proxies and ability to interpret log data produced by these technologies
Knowledge of relevant frameworks such as MITRE ATT&CK, GPG-13 and CIS 20
Knowledge of relevant regulations and legislation such as ISO 27001, GDPR and the Computer Misuse Act
Able to develop hypotheses for threat hunting investigations
Able to write SQL queries, regular expressions (regex) and PowerShell/bash scripts
Able to use intelligence from a variety of sources (e.g. OSINT tools) to hunt for attackers
Able to perform simple static and dynamic malware analysis
Able to communicate across domains (business, technical, commercial) as well as with third parties
Able to build and lead teams
Able to work effectively in an operational environment and meet milestones & targets

Working knowledge of Cloud functions and capabilities (SaaS, Serverless functions, IAM)
Able to perform complex malware analysis
Able to define tailored, tactical and strategic remediation plans for compromised organisations following a cyber incident
Knowledge of Agile methodology, project and risk management

Experience & Qualifications

Experience of working in an information security role in an operational environment
Demonstrated ability to proactively detect Advanced Persistent Threats, in addition to hacktivists, 'script kiddies' and other adversaries
Experience utilizing threat hunting tools and big data platforms
Security Information and Event Management (SIEM) experience, ideally with both Splunk and LogRhythm, including content development and use case creation
Operational network security experience, including configuring network architecture, host, data and/or application security in multiple operating system environments
Experience of Digital Forensics investigations using network and host data
Experience of utilizing Endpoint Detection and Response (EDR) tools, including the investigatory and response modules and developing signals

A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience
Experience working in a dedicated, specialist Threat Hunting team
Relevant market domain experience (e.g. Government, Critical National Infrastructure, Defence)
Digital Forensics using memory analysis
Qualifications such as CREST Practitioner Intrusion Analyst (CPIA), SANS Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Cisco Certified Network Professional Security (CCNP Security)
Completion of relevant training courses (e.g. SANS SEC487, SEC504, FOR500, FOR508, FOR572, etc.)
Experience developing the capabilities of junior CSOC analysts

Person Specification:
A true passion for cyber security, and a relentless desire to stay ahead of the adversaries, evidenced by significant continuous professional development
Flexibility to meet operational requirements is essential
Ability to work well as part of a team, cooperatively and professionally
Ability to lead, and work effectively with, individuals with varying levels of experience
Multi-tasker with willingness and ability to learn and adapt quickly
Ability to work unsupervised and adhere to process and policy
Outstanding attention to detail
Self-starting and motivated
Analytical and deeply curious
Strong written, verbal and customer service skills
Demonstrates a positive attitude towards change and suggests improvements
Ability to offer mentoring and learning support to junior practitioners