Our client’s philosophy is focused on changing the mind-set of the industry, moving away from SOC’s filled will alert-fatigued analysts waiting for their SIEM to flag yet another false-positive and moving towards offensively trained, proactive threat hunters, who understand the attacker mind-set and can root out even the most sophisticated adversaries across both the network and the endpoint.

Role Description

They are currently looking for a Threat Hunter with a background in one or more of threat hunting, digital forensics, attack detection or penetration testing. The successful candidate will work with a group of established threat hunters, focused on carrying out, supporting and resolving day to day investigation of events generated by the attack detection service for our clients.

If any of the following resonates with you, this could be the role for you:

• Terms like “threat hunting”, “malware analysis”, “process injection”, “covert C2”, “EDR” and “APT” fuel your excitement.
• Terms like “SOC”, “SIEM”, “Alerts”and “Cyber Threat Map” make you sad inside.
• When you aren’t hunting, you are learning awesome new InfoSec skills, not watching Netflix.
• You love nothing more than learning about and spotting the latest attacker techniques in the wild and using your experience to thwart and respond to the ever evolving threats they present to our clients.
• You keep up with the latest industry developments, are an avid reader of things like /r/netsecand follow swathes of awesome researchers on twitter to get your security knowledge fix.

What we need…

Our client’s platform is a dynamic and rapidly evolving product, which is heavily research lead. The service will require threat hunters to monitor the target networks 24/7, 365. Although late night hours will be covered by distributing analysis between our client’s UK and Singapore offices, hunters may expect to work on a rotational basis with other analysts to cover evenings and weekend hours.

Responsibilities…

• Proactively investigate host, network and log based security events
• Manage events and triage from detection to resolution
• Malware Triage/Basic Analysis
• Basic Host, Network, and Memory Forensics
• Liaise with clients and report potential findings from both a technical and business perspective
• Assist in development of the service

Who we think will be a great fit…

• You will be able to contribute to enhancing the capability of the service, whether through direct development, research activities or media opportunities.
• You will have had exposure or experience in either offensive or defensive security, either penetration testing, incident response or ideally a mixture of both.
• Basic knowledge of core IP networking and common protocols
• Scripting experience with Python/Powershell/Bash/WMI or similar
• Strong understanding of Windows and Linux systems
• Candidates hold or could obtain a UK Government security clearance
• Highly motivated, eager to learn and not afraid to get stuck-in,
• Able to work autonomously as well as part of a team is essential.
• Ability to effectively triage and prioritise rapidly evolving incidents, utilising a team of threat hunters and IR practitioners to support

Bonus Points…

• Experience investigating compromise events and/or SOC experience
• Ability to differentiate between regular traffic and anomalies
• Experience of network, memory or host forensics
• Experience of automated or manual malware analysis (static and dynamic)
• Mixed skillset covering both offensive and defensive security
• Experience with modern offensive techniques and APT TTP’s.
• Experience with common network traffic analysis platforms and/or SIEM solutions
• (Preferable) – Relevant security certifications – Crest CRIA/CCNIA/CCMRE/CCHIA, SANS GIAC, GCFA, OSCP/CRT

Who we are…

Our client is a research-led cyber security consultancy working with clients around the world. They provide specialist advice and solutions on all areas of security, from professional to managed services through to commercial and open source security tools. Their focus is working with clients to develop and deliver security programmes, tailored to meet the needs of each individual organisation.

In a rapidly changing technology landscape, innovation is essential and their ambition is to push boundaries sets them apart. They are not satisfied with the first answer, they break things, reverse and research them until yhey have an understanding that is of real value. Central to this philosophy is the desire to deliver high quality cyber security consulting services and unsurpassed levels of support to their clients.

This is a great opportunity to work with some awesome people in a thriving business. If you have the ambition and expertise to fulfil this role then please contact us.