Job title:
Principal Engineer - Threat Hunting and Response
About the role:
The Cyber Security Operations Center is an advanced global team passionate about active defense against sophisticated cyber threats and attacks.
Key responsibilities:
* Forensics and incident response: serve as an escalation point for investigations into security incidents involving advanced threat actors and their tactics, techniques, and procedures (TTPs). Perform forensic collection and analysis of electronic assets, devices, scripts, malicious software, and log sources from various systems and applications. Manage incident response activities, including scoping, communication, reporting, and remediation planning.
* Threat hunting: review incident and intelligence reports from internal and external sources. Develop hypotheses, analyze techniques, and execute hunts to identify threats. Collaborate with security teams and stakeholders to implement countermeasures and improve defenses. Respond to major incidents as part of the incident response team.
* Big data analysis and reporting: use security information and event management (SIEM) and big data tools to identify abnormal activities and extract insights. Research, develop, and enhance content within the SIEM and other platforms.
* Technologies and automation: work with engineering teams to design, test, and implement playbooks, workflows, and automations. Research and evaluate new technologies, providing recommendations for improvements.
* Daily operations: conduct host-based, artifact, network packet, and malware analysis to support investigations. Coordinate investigation and containment activities with stakeholders. Maintain documentation, including response playbooks and processes. Mentor junior staff and escalate severe incidents. Create incident reports with findings and recommendations. Develop and tune detection logic and sensors. Assess existing security solutions for their effectiveness against TTPs. Create custom SIEM queries and dashboards for monitoring threats. Participate in on-call rotations for incident triage and response.