Talent Advisor at Enigma Human Capital
Senior Role - Cyber Threat - IT (8-20 yrs)
Opening for Threat Hunter role for a leading MNC in Hyderabad
Cyber threat hunters are information security professionals who proactively and iteratively detect, isolate, and neutralize advanced threats that evade automated security solutions. They are an integral part of the rapidly growing cyber threat intelligence industry. Employing them gives companies a competitive edge over relying solely on traditional rule- or signature-based detection methods.
- Security experts use the 80/20 principle to assess cyber threats. Eighty percent (80%) of cyber threats are unsophisticated and can be mitigated with good security hygiene, while the remaining twenty percent (20%) tend to be more advanced threats. Still, about half of these advanced attacks can be successfully addressed with different blocking and tackling techniques.
- The other half of advanced attacks constitutes the top 10% of cyber threats. These highly advanced threats cannot be detected solely with programmatic solutions. Cyber threat hunters aim to sniff out these highly advanced cyber threats. Their job is to track and neutralize adversaries who cannot be caught with other methods.
- The threats they hunt for can be posed by either an insider, such as an employee of the organization, or an outsider, such as an organized crime group. Threat hunters use ML (Machine Learning) and threat hunting frameworks, but rely on human-driven, proactive hypotheses. The hunter must be able to pull apart and analyze complex actor TTPs (tactics, techniques and procedures), demonstrating the understanding and thought process needed to dissect a threat and to identify opportunities to detect and mitigate it.
- However, it is not the job of the cyber threat hunter to address incidents that have already happened, although they may work together with incident response teams. Instead, they search for cyber threats hiding in the noise before an attack happens. Once potential threats are identified, cyber threat hunters gather as much information as possible on the behavior, goals, and methods of the adversaries. They also organize and analyze the collected data to determine trends in the organization's security environment, make predictions for the future, and eliminate current vulnerabilities.
The complete JD is below:
The Threat Hunter will proactively search through the global estate for evidence of malicious activities in our systems and on our networks, and find ways to illuminate behaviors that have managed to evade current defenses. Rather than relying primarily on static indicators and reacting to automatic rules and alerts, the Threat Hunter uses a deep knowledge of internal defenses and the latest threat intelligence about advanced adversaries to develop hypotheses and anticipate how those attackers will seek to bypass existing controls.
The Threat Hunter is accountable for:
- Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activity within the organisation.
- Researching new and existing threat actors and their associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact on the organisation and providing recommended solutions for improving our defensive and detective capability.
- Collaborating with the wider Cybersecurity functions, e.g. the Red Team, to develop hypotheses for new attack techniques and evasion methods.
- Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
- Providing expert analytic investigative support on large scale and complex security incidents.
- Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
- Training, developing, mentoring and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities.
- Representing Global Cybersecurity Operations at internal awareness events and external cybersecurity forums.