Threat Hunter
TENEX.AI · Sarasota, FL · 2 wk ago
HybridManagementFull-time
Key Responsibilities
- Threat Hunting
- Proactively search for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by threat actors.
- Analyze and correlate security telemetry from various sources, including SIEM, EDR, network logs, and threat intelligence feeds.
- Conduct threat modeling and hypothesis-driven investigations to uncover hidden threats.
- Collaborate with SOC analysts and incident responders to investigate and contain security incidents.
- Develop and refine detection rules, signatures, and threat hunting methodologies.
- Stay ahead of emerging threats by researching new attack vectors, adversary techniques, and malware trends.
- Provide detailed reports on findings, including mitigation strategies and recommendations.
- Contribute to the continuous improvement of threat detection capabilities through automation and AI-driven analysis.
- Threat Monitoring & Detection
- Monitor security alerts and events across the enterprise network, using both traditional cybersecurity tools and AI/ML-powered threat detection systems.
- Leverage Google Chronicle's capabilities for threat intelligence and log analysis, enhancing visibility and providing insights into potential security incidents.
- Apply AI to identify patterns, anomalies, and behaviors indicative of potential security incidents, reducing false positives and improving detection accuracy.
- Incident Response & Analysis
- Investigate and analyze security incidents and breaches, leveraging AI to automate initial analysis and enhance threat hunting efforts.
- Utilize Google SecOps and Chronicle's advanced tools to centralize security data, correlate events, and accelerate incident response workflows.
- Apply machine learning algorithms to identify emerging threats and trends, providing actionable insights for incident response.
- Google SecOps & Chronicle Integration
- Work with Google SecOps platform tools to streamline security operations, improve threat visibility, and automate workflows.
- Collaborate with IT, Security, and Data Science teams to integrate Google Chronicle’s capabilities into the SOC, enhancing threat detection and incident resolution.
- Optimize Google Chronicle for log management, threat hunting, and advanced analytics.
- Security Automation
- Develop and maintain automated workflows for common security incidents, leveraging AI for intelligent decision-making and faster response times.
- Automate routine SOC tasks such as log analysis, incident classification, and threat intelligence enrichment using Google SecOps and Chronicle integrations.
- Reporting & Documentation
- Create detailed incident reports, risk assessments, and threat intelligence summaries, integrating AI-driven findings and insights.
- Prepare regular performance and security posture reports for internal stakeholders, highlighting key AI-driven improvements and threat mitigation outcomes.
- Collaboration & Knowledge Sharing
- Work closely with cross-functional teams (e.g., IT, Customer Success, DevOps, Engineering, Data Science) to promote and improve AI-driven security initiatives and improve the customers' overall security posture.
- Share knowledge of AI-powered security techniques and Google SecOps tools with SOC team members to enhance their capabilities in threat detection and incident response.
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.
- Experience: 3+ years of experience in a Threat Hunting, Security Operations Center (SOC) or a similar security-focused role.
- Strong understanding of attacker methodologies, malware analysis, and digital forensics.
- Hands-on experience with security tools such as SIEM, EDR, SOAR, and forensic analysis platforms.
- Proficiency in scripting languages (Python, PowerShell, etc.) for automating threat detection and analysis.
- Interest in applying automation and/or artificial intelligence and machine learning techniques to cybersecurity tasks, such as threat detection, anomaly detection, and security automation.
- Hands-on experience with security analytics, log management, threat hunting, and incident response.
- Hands-on experience with Google SecOps platform (Google Chronicle) is a strong plus.
- Hands-on experience with the Microsoft security platform (Sentinel, Defender) is a plus.
- Strong understanding of cybersecurity concepts and frameworks (e.g., NIST, Mitre, ISO, Killl Chain).
- Experience with AI/ML tools for cybersecurity, such as intrusion detection systems (IDS), SIEM tools, and security automation platforms.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation and integration.
- Knowledge of security technologies such as firewalls, endpoint protection, IDS/IPS, and threat intelligence platforms.
- Practical experience working with Google SecOps tools and Chronicle for centralized threat intelligence and event correlation a plus.
- Strong analytical and problem-solving skills.
- Team player, ability to work with internal teams and external customers.
- Ability to work under pressure in a fast-paced, dynamic environment.
- Experience with security orchestration, automation, and response (SOAR) platforms.
- Exposure to cloud security platforms (e.g., AWS, Azure, Google Cloud) and the associated risks.