SOC - Technical

Threat Hunting (2)

Mumbai, Maharashtra
Work Type: Full Time
JD:

Threat Hunting capabilities:
>Perform high-quality threat hunting to identify and analyse advanced persistent threats (APTs).
>Develop and execute threat hunts based on threat intelligence and behavioural analytics.
>Ability to form hypotheses and test them against the environment to identify threats.
>Working experience of on-premises and cloud environments (AWS, Azure, GCP).
>Understanding of how scripts and processes work.

Situational awareness & collaboration:
>Stay updated on emerging threats, vulnerabilities, and attack vectors.
>Work in collaboration with the SOC and incident response teams to take preventive steps that mitigate identified threats.

Analysis & detection:
>Query and analyze logs and datasets to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
>Create detection use cases in the SIEM and related tooling after a hunt, so that a recurrence of the behaviour generates an alert.
>Build scripts for analysis and queries, and to automate threat detection and reduce false positives.


Reporting & Communication:
>Provide detailed reports and dashboards on threat hunting activities and outcomes.
>Communicate findings and recommendations to technical and non-technical stakeholders.

Other important skills:
>Strong analytical and problem-solving skills.
>Ability to think like an adversary and simulate attack scenarios.
>Excellent communication, reporting and presentation capabilities.

