Cybersecurity Threat Hunting Advisor

This job is no longer active!



Employer: Dell Technologies
Domain: IT Software
Job type: full-time
Job level: over 5 years of experience
Location:
  • BUCHAREST
  • Cluj Napoca
  • Iasi
  • nationwide
Updated at: 20.05.2022

Short company description

Here’s our story; now tell us yours:

Dell Technologies helps organizations and individuals build a brighter digital tomorrow. Our company is made up of more than 150,000 people, located in over 180 locations around the world. We’re proud to be a diverse and inclusive team and have an endless passion for our mission to drive human progress.

We started with computers, but we didn’t stop there. We are helping customers move into the future with multi-cloud, AI and machine learning through the most innovative technology and services portfolio for the data era. Join us and become a part of what’s next in technology, starting today.

You can also learn more about us by reading our latest Diversity and Inclusion Report and our plan to make the world a better place by 2030 here.

Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics. Dell encourages applicants of all ages. Read the full Equal Employment Opportunity Policy here.

Requirements

Essential Requirements:

- 3+ years of professional experience or an equivalent combination of education and experience.
- Bachelor’s Degree in Information Systems or a related field, or relevant experience.
- Good knowledge and understanding of the Tactics, Techniques, and Procedures (TTPs) used to profile a given threat actor.
- Excellent problem-solving skills, with the ability to assess and derive threat hunting hypotheses from threat intelligence reports and analysis, among other sources.
- Strong knowledge of networking, infrastructure and application security fundamentals, concepts and frameworks.

Desirable Requirements:

- Relevant security certifications (e.g. GCFA, GCIH, GNFA, GCWN, GCUX, GCIA, CISSP, Security+, CCNP, eJPT, eCTHP, SANS, etc.) are preferred.
- Previous hands-on experience with or knowledge of incident response procedures and best practices, and/or knowledge of security infrastructure (firewalls, proxies, etc.), is a plus.

Responsibilities

- Threat hunting - use a holistic approach to analyze threats based on, but not limited to, internal threat intelligence reports and open-source articles and reports on new security threats: derive actionable indicators (IOCs and TTPs); define threat hunting hypotheses based on the derived indicators; define threat hunting content for detection and/or monitoring solutions (EDR - RSA ECAT, CarbonBlack; SIEM - Splunk); define testing scenarios for hunting and/or detection content before pushing it into pre-production, simulating true positives and normal activity (for FP whitelisting purposes); retro-hunt based on the indicators related to a threat actor.
- Threat hunting - maintain and develop the existing custom threat hunting automation system, and propose and develop any automation mechanism that can increase the efficiency of the process: use a scripting language (e.g. PowerShell, Python) to automate hunting mechanisms for threats; develop new components that can be integrated with existing custom and/or COTS solutions used within the CSIRT; monitor the results of the automated hunts and develop hunting reports.
- Threat hunting - create and/or work incidents and/or investigations for suspicious findings and true positives found during hunting activities. True positives, i.e. hunting results for a specific threat, will be analyzed and worked by the threat hunting analyst, and the results will be disseminated to the relevant and/or other involved teams within the CSIRT.
- Threat hunting - create reports based on the findings of threat hunting activities: executive reports to be included in periodic threat team reporting, and/or technical reports to be included in the IR reporting of the related incident/investigation.
- Threat hunting - analyze hits and statistics for detection-only threat hunting content, create accuracy and efficiency reports, and propose new content to be transitioned into alerts for IR teams, using Agile methodology for the entire process.
- Incident response - during incident investigations, the analyst will actively participate in the incident response process, executing forensic investigation activities: analyze computer data, network traffic, e-mail activity, integrity and logs; work with forensic tools to image hard drives, uncover files and present them in a format suitable for legal purposes; properly document legal hold and other e-discovery activities.