
Threat Hunting Analyst
- Pune, Maharashtra
- Permanent
- Full-time
Company Size: 600-650
Headquarters: Pune, Maharashtra, India
Type: Privately Held
Inception: 2011
Job Description
Responsibilities:
- Perform intelligence led proactive threat hunts across the organization, utilising a range of tooling available, and focusing hunts on relevant behavioural tactics, techniques, and procedures (TTPs) identified as potential threats to the organization.
- Contribute to detection engineering initiatives by identifying opportunities for, and implementing, new detections as an output of completed threat hunts.
- Support other functions within security operations by responding to hunt requests and by applying expertise in advanced actors and TTPs for ongoing incidents, working closely with our incident responders.
- Research new attack behaviours and TTPs used by threat actors, leading to new hunting and detection opportunities.
- Assist in the development and maturity of the threat hunting process and team through the development of cutting-edge hunting techniques and the introduction of automation into the threat hunting process.
- Develop threat hunting hypotheses in collaboration with the threat intelligence team, helping to track relevant threat actors, campaigns and emerging threats and the TTPs they use.
- Help in defining the metrics, measurements and analytical tools to quantify surface area of risk, business impact and implement mechanisms to track progress on efforts to reduce those risks.
- Represent threat hunting to the wider information security team, and to the wider business, including senior stakeholders, through reporting, presentations and knowledge sharing sessions.
- Adapt quickly to changing priorities, seek new ideas, and re-align with the team's priorities/roadmap to maximize business productivity.
Requirements:
- Good understanding of cyber threats, attack vectors, and common exploitation techniques.
- Proficiency in using threat intelligence platforms, open-source tools, and SOC technologies such as Google Chronicle SIEM, CrowdStrike EDR/EPP, Vectra NDR, Qualys VM, Recorded Future TI, etc.
- Proficiency in multiple query and rule languages such as YARA, CrowdStrike QL or SPS, with an ability to manipulate and analyse large data sets.
- Expertise in formulating threat hunting hypotheses and working with available data sets to determine conclusions.
- Solid understanding of current TTPs used by threat actors and an ability to replicate behaviours in a lab environment to generate telemetry.
- Direct experience working with the MITRE ATT&CK framework or similar, with an ability to utilise the framework to identify detection gaps for threat hunting.
- Strong competence in responding quickly to emerging threats, with a demonstrated ability to develop and perform hunts while working under strict deadlines.
- Strong understanding of Windows, Linux, and network protocols.
- Strong knowledge of industry frameworks and standards, such as STIX/TAXII, MITRE ATT&CK, and threat intelligence sharing platforms.
- Excellent written and verbal communication skills, including the ability to present complex technical information to both technical and non-technical audiences.
- Strong analytical and critical thinking skills, with the ability to analyze complex data sets and identify actionable insights.
- Proven experience in collaborating with cross-functional teams and providing guidance on threat intelligence-related matters.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master's degree or relevant cyber security certifications (e.g. CTIA, CREST PTIA, MITRE's MAD, CySA+) are a plus.
- 4-7 years of total SOC experience in a large multi-national organization or a known MSSP. In addition to SOC engineering experience, the candidate should possess at least 2 years of threat hunting experience.