Cyber Threat Hunting Analyst
Japan Tobacco International
- Taguig City, Metro Manila
- Permanent
- Full-time
1. Contribute to correlate threat actor profiles and TTPs to attack vectors to develop new use cases or hypothesis for hunting campaigns.
2. Provide support to ensure the service is adequately delivered together with our MSSP provider and consistently integrated with the other security platforms and services.
3. Collaborate to enhance and maintain partnership with other Information Security functions to deliver shared outcomes that measurably improve JTI SOC efficiency to detect and respond to threats.
4. Create reports and propose corrective actions to enhance the IT security posture.
Desirable: Certifications (any security certification, including but not limited to the following): CEH, CISSP, OSCP, GIAC
What you will do?
1. Threat Detection
Support the log onboarding process and contribute to the implementation of new monitoring use cases along with their lifecycle.
Support the creation of visibility/detection coverage mappings and the identification of gaps in detecting relevant threats, actors and tools.
Provide security monitoring backup to ensure no security detections are missed.
2. Threat Hunting
Support Threat Hunting program creation, maintenance and continuous improvement.
Contribute to the creation of threat hunting hypotheses.
Participate in Threat Hunting activities based on TTPs and IOCs triggered by CTI, threat hunting hypotheses, security monitoring, incident response or others.
Contribute to the development of new monitoring use cases based on threat hunting results.
3. Cross-functional collaboration
Participation in Threat Modelling in conjunction with Cyber Threat Intelligence functions.
Support Incident Response during significant or major Security Incidents, collaborate in the creation of triage playbooks and collaborate in reducing the number of false positives.
Collaboration with TSC for security product enhancement or the resolution of problems/misconfigurations.
4. Third-Party collaboration
Collaborate and align with the security vendor/MSSP provider to ensure that service delivery and support meet performance and business objectives.
5. Reporting
Participate in the creation of metrics-based reporting to measure the effectiveness of the Threat Detection and Hunting service.
Who are we looking for?
- University Degree in Computer Science or a related field
- 1+ years of relevant experience as a member of a Threat Detection, Hunting, Incident Response, Malware Analysis, or similar role. Previous Red/Purple Teamer experience is a plus.
- Good understanding of Cybersecurity fundamentals, Threat Landscape, Attack Vectors, Threat Actors and their Tactics Techniques and Procedures.
- Familiarity or background in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
- Knowledge of security platforms (XDR, IDS/IPS, WAF, etc.).
- Experience with Microsoft products is a plus, e.g. Microsoft Defender for Endpoint.
- Relevant experience of SIEM and Data Lake searching languages (Splunk and Microsoft suite are a plus).
- Knowledge of Windows system internals, Web Applications and APIs.
- Familiarity with nation state, criminal, and financially motivated actor groups.
- A proven track record in protecting large global and distributed organisations.
- Scripting skills are a plus