Cybersecurity Threat Hunting Advisor


Employer: Dell Technologies
Domain: IT Software
Job type: full-time
Job level: over 5 years of experience
Location: Bucharest, Cluj Napoca, Iasi, nationwide
Updated at: 20.05.2022
Remote work: On-site
    Short company description

    Who we are

    We believe that each of us has the power to make an impact. That’s why we put our team members at the center of everything we do. If you’re looking for an opportunity to grow your career with some of the best minds and most advanced tech in the industry, we’re looking for you.

    Dell Technologies is a unique family of businesses that helps individuals and organizations transform how they work, live and play. Join us to build a future that works for everyone because Progress Takes All of Us.

    Dell Technologies is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. Read the full Equal Employment Opportunity Policy here.

    Requirements

    Essential Requirements:

    - 3+ years of professional experience or an equivalent combination of education and experience.
    - Bachelor's Degree in Information Systems or a related field, or relevant experience.
    - Good knowledge and understanding of Tactics, Techniques, and Procedures (TTPs) used as a means of profiling a particular threat actor.
    - Excellent problem-solving skills, with the ability to assess and derive threat hunting hypotheses using, but not limited to, threat intelligence reports and analysis.
    - Strong knowledge of networking, infrastructure and application security fundamentals, concepts and frameworks.

    Desirable Requirements:

    - Relevant security certifications (e.g. GCFA, GCIH, GNFA, GCWN, GCUX, GCIA, CISSP, Security+, CCNP, eJPT, eCTHP, SANS etc.) preferred.
    - Previous hands-on experience with, or knowledge of, incident response procedures and best practices, and/or knowledge of security infrastructure (firewalls, proxies, etc.) is a plus.

    Responsibilities

    - Threat hunting - use a holistic approach to analyze threats based on, but not limited to, internal threat intelligence reports and open-source articles and reports about new security threats: derive actionable indicators (IOCs and TTPs); define threat hunting hypotheses based on the derived indicators; define threat hunting content for detection and/or monitoring solutions (EDR - RSA ECAT, CarbonBlack; SIEM - Splunk); define testing scenarios for hunting and/or detection content before pushing it to pre-production, simulating true positives and normal activity (for false-positive whitelisting purposes); retro-hunt based on the indicators related to a threat actor.
    - Threat hunting - maintain and develop the existing custom threat hunting automation system, and propose and develop any automation mechanism that can increase process efficiency: use scripting languages (e.g. PowerShell, Python) to automate hunting for threats; develop new components that can be integrated with existing custom and/or COTS solutions used within the CSIRT; monitor the results of automated hunts and produce hunting reports.
    - Threat hunting - create and/or work incidents and investigations for suspicious findings and true positives discovered during hunting activities. True positives (hunting results for a specific threat) are analyzed by the threat hunting analyst, and the results are disseminated to the relevant and/or other involved CSIRT teams.
    - Threat hunting - create reports based on threat hunting findings: executive reports to be included in periodic threat team reporting and/or technical reports to be included in the related incident/investigation IR reporting.
    - Threat hunting - analyze hits and statistics for detection-only threat hunting content, create accuracy and efficiency reports, and propose new content to be transitioned into alerts for IR teams, using Agile methodology for the entire process.
    - Incident response - during incident investigations, the analyst actively participates in the incident response process, executing forensic investigation activities: analyze computer data, network traffic, e-mail activity, integrity and logs; work with forensic tools to image hard drives, uncover files and present them in a format suitable for legal purposes; properly document legal hold and other e-discovery activities.
