(Cybersecurity) Threat Hunter

What you’ll do:

• Hunt for malicious or anomalous activity across the enterprise, using the various cybersecurity tools, platforms, and capabilities available. Act in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organisation.
• Leverage a ‘cyber intelligence led approach’ to researching new and existing threat actors and associated tactics, techniques, and procedures (TTPs); develop a detailed understanding of their potential impact to the organisation, provide, develop and implement recommended solutions for improving our defensive and detective capability.
• Collaborate with Cybersecurity functions, e.g., Red Team, Cyber-threat Intelligence to develop hypotheses for the detection and/or presence of new attack techniques and evasion methods; collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
• Coordinate threat hunting activities, leveraging intelligence from multiple internal and external sources.
• Review incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
• Provide expert analytic investigative support on large scale and complex security incidents.
• Contribute to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes and identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.
• Train, mentor and inspire colleagues across the function and strengthening Cybersecurity Operations capabilities and represent Global Cybersecurity Operations at internal awareness and external cybersecurity forums.

What you need to have to succeed in this role:

• Experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering.
• Extensive experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
• Industry recognised cyber security related certifications including CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
• Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
• Expert level knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.
• Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures in order to inform adjustments to the control plane.
• Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions and technical experience of 3rd party cloud computing platforms such as AWS, Azure, and Google.
• Fluent English and excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.

We offer:

• A full-time contract (B2B also possible)
• Stable and long-term cooperation
• Well-defined career path at the European leader in engineering & IT consulting
• Participation in company conferences, trainings, workshops, integration meetings, etc.
• Certification and training opportunities