Principal Threat Hunting Analyst
Our client is an expert in defence, aerospace, security and related markets. They draw on extensive technical knowledge and intellectual property to provide the know-how and support to solve some of the world's most challenging problems. Their people make the critical difference to important customers by providing unique approaches to problem solving. Why don't you join some of the world's finest scientific and technical minds and help make tomorrow work today?
As the organisation continues to grow into new markets around the world, there's never been a more exciting time to join. The formula for success is an appetite for innovation, the courage to take on a wide variety of complex challenges and motivated people who work to deliver the best possible solutions to partners. Joining this market-leading company offers an opportunity to work on highly technical, cutting-edge projects, enabling customers to protect, improve and advance their vital interests.
Working here is more than just a job - as an innovative science and technology company, the organisation solves its customers' most challenging problems, and many of the projects you will work on are of national importance. Everything is focused on defending sovereign capability, protecting lives and securing the vital interests of customers.
This is an exciting opportunity to develop and lead the new Threat Hunting capability at the heart of our client's threat hunting service. This capability is part of a portfolio of cyber security services provided by the Enterprise Cyber business to internal and external clients.
In this role you'll proactively search for and detect advanced persistent threats as well as develop and lead a team to do this by coaching more junior cyber analysts. A key part of the position will be to develop our client's threat hunting capability maturity from Level 1 to Level 2 and beyond.
You will have a true passion for cyber security, and a relentless desire to stay ahead of the adversaries, evidenced by significant continuous professional development throughout your career. We're looking for someone with an ability to drive forward the capability and have a desire to lead individuals with varying levels of experience.
As one of our client's Senior / Principal Analysts, previous experience within a dedicated, specialist Threat Hunting team is essential and any relevant market domain experience (e.g. Government, Critical National Infrastructure, Defence) would be a distinct advantage.
This is not a shift or night working role.
This role will involve a wide range of responsibilities which may include:
- Proactively search for and detect advanced persistent attacks underway on a system
- Reverse engineer and analyse attacks (including malware) to understand their tools, methods and root causes
- Create hypotheses and investigate using modern tools and techniques
- Create use cases for detecting new threats, either as a result of research, collaboration (e.g. red/purple teaming), Threat Intelligence (TI), in response to incidents, or using your intuition
- Engage in research projects regarding detection methods
- Summarise findings in the form of blogs, reports or whitepapers, tailoring the technical content to suit the intended audience
- Lead a team in a complex organisational environment that does all of this, drawing on expertise from other areas as required
- Deliver effectively in an operational environment fully integrated with other cyber security services, meeting targets and delivering to service level agreements
- Develop the maturity of the Threat Hunting capability
- Coach and train more junior cyber analysts to become capable threat hunting analysts
Capabilities / Knowledge
We're ideally looking for someone with a strong mix of technical 'hands-on' skills as well as the leadership qualities to drive our service forward. If your previous experience is more orientated to technical roles rather than leadership (or vice versa), we still want to hear from you!
- Expertise in alert monitoring, incident response and technical forensics
- Understanding of network and endpoint characteristics, and normal behaviour thereof
- Understanding of threat intelligence and how to use it effectively
- Appreciation and/or qualifications in cyber red teaming and security engineering
- Detailed understanding of Tactics, Techniques and Procedures (TTPs) used by advanced Threat Actors
- Detailed understanding of security technologies such as intrusion detection and prevention technologies, endpoint protection and proxies and ability to interpret log data produced by these technologies
- Knowledge of relevant frameworks such as MITRE ATT&CK, GPG-13 and CIS 20
- Knowledge of relevant regulations and legislation such as ISO 27001, GDPR and the Computer Misuse Act
- Able to develop hypotheses for threat hunting investigations
- Able to write SQL queries, regular expressions (regex) and PowerShell/bash scripts
- Able to use intelligence from a variety of sources (e.g. OSINT tools) to hunt for attackers
- Able to perform simple static and dynamic malware analysis
- Able to communicate across domains (business, technical, commercial) as well as with third parties
- Able to build and lead teams
- Able to work effectively in an operational environment and meet milestones & targets