Cyber Security Threat Hunter

Kuala Lumpur, Malaysia

Job Description


AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life, such as energy, infrastructure, chemicals and minerals, safely, efficiently and more sustainably.

We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies.

If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at https://www.aveva.com/en/about/careers/

Primary Duties

  • Identify and track threat actor groups and their tactics, techniques, and procedures (TTPs), while maintaining current knowledge of the tools and best practices associated with Advanced Persistent Threats (APTs).
  • Perform cyber threat hunting using threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threats.
  • Use the MITRE ATT&CK framework to analyze malicious campaigns and evaluate the effectiveness of security technologies.
  • Research and contribute to world-class security techniques and automation for internal use that enable the team to operate at high speed and broad scale.
  • Work with AVEVA's Cyber Security Threat Intelligence analyst on threat intelligence feeds and solutions to identify and prioritize threats, recommend countermeasures, and perform advanced network and host analysis in the event of a compromise.
  • Distinguish true threats from false positives and network or system misconfigurations, and provide recommendations and solutions for detected issues in a timely manner.
  • Develop and socialize the end-to-end framework and processes for the management of threat hunting services across the group.
  • Work with internal security teams, security programs and third parties to provide data-driven insights into existing and emerging threats.
  • Support the threat intelligence team in providing threat-informed defenses that improve the prioritization of preventative controls and mitigations, strengthening AVEVA's defenses.
  • Engage and collaborate with the Red Team to analyze and evaluate the effectiveness of existing security controls against identified TTPs.
  • Support the Cyber Security DFIR Team on internal incidents by performing cyber threat hunting during investigations and building a common understanding of threat activity.
  • Proactively identify, investigate, and support the hunting of potential attacks and security risks on AVEVA networks and systems using platform dashboards and threat feeds.
  • Develop operational processes, procedures, and checklist documentation, such as the cyber threat hunting process, playbooks, and guidelines.
  • Assist in incident response activity from a cyber threat hunter's perspective using the AVEVA-defined Security Incident Response framework (e.g., NIST).
  • Report to the Cyber Threat Intelligence & Hunting manager on security events, incident trends, residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
  • Work with the Cyber Security DFIR Team and any required partners or business functions, such as R&D, to resolve security events, incidents, and service requests from a cyber threat hunting perspective.
  • Ensure compliance with security processes and procedures, and support service-level agreements (SLAs) so that security controls are managed and maintained.
  • Contribute security advisories, blog posts, and other communications on current and emerging security threats to AVEVA assets and people via the security awareness programme.
  • Operate the cyber threat hunting reporting service against a defined schedule and agreed reporting templates.
  • Be available to provide reactive support for critical security incidents outside standard business hours as part of a rota.
Additional Duties

Under the guidance of the Cyber Threat Intelligence & Hunting Manager:
  • Assist with control improvements to identify control weaknesses, and contribute to threat advisories.
  • Participate in security investigations and compliance reviews as requested by internal or external teams.
  • Maintain awareness of applicable regulatory standards, upstream risks, and industry-leading security practices.
  • Provide feedback and recommendations on existing and new security tools and techniques to improve analysis, hunting, incident investigation and security controls.
Educational Qualifications
  • Minimum of five years' information and cyber security experience as a Cyber Security Threat Hunter, Incident Response Analyst or Senior Cyber Security Analyst (SOC level 3).
  • Bachelor's degree in information systems, or equivalent work experience in a relevant information and cyber security domain.
  • A security certification from a recognized organization such as ISC2, CompTIA, EC-Council or the SANS Institute is an advantage.
  • A technology certification, such as from Cisco, a SIEM vendor, a cloud provider or Microsoft, is an advantage.
Technical Competency and Experience
  • Experience using a cyber threat hunting platform and producing reports within the cyber security, geopolitical, or other security domains.
  • Experience in both proactive and reactive cyber threat hunting, as well as in purple team initiatives.
  • Excellent understanding of cyber attack vectors, threat intelligence frameworks such as MITRE ATT&CK and how they are used, and methods to detect and mitigate attacks.
  • Excellent technical knowledge of Microsoft operating systems; knowledge and experience of Linux and macOS.
  • Good technical knowledge of:
      • Cyber Security Threat Intelligence
      • Cyber Security Threat Intelligence controls
      • Cyber Security Threat Hunting
      • Network traffic and protocol analysis of security events from network devices, firewalls, and intrusion detection and prevention systems
      • Endpoint Detection and Response (EDR) controls
      • Endpoint protection and anti-malware controls
      • Identity and access management (IAM) systems
      • Email and phishing protection
      • Cloud security, such as Azure or AWS
  • Experience with scripting and automation in languages such as PowerShell, Python, YARA and Perl is an advantage.
  • Experience with search and query languages such as SPL, KQL, SQL, and osquery is an advantage.
  • Experience writing and converting Sigma, YARA, Snort or Suricata rules is an advantage.
  • Technical experience using Security Information and Event Management (SIEM) platforms and analysing log data.
  • Good knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Knowledge and experience in developing and documenting security processes, plans, procedures, and guidelines.
  • Good knowledge and understanding of common information security management frameworks such as MITRE ATT&CK, International Organization for Standardization (ISO) 2700x, ITIL, COBIT, and the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) frameworks.
Occupational Personality
  • Strong analytical thinking skills with strong written and verbal communication and a good attention to detail.
  • Ability to work both independently and collaboratively as a team member, be curious and to ask questions.
  • Ability to interact with AVEVA's personnel at all levels and across all business units and organizations, and to understand business objectives and values.
  • A strong internal client focus, with the ability to manage expectations appropriately, to provide a superior internal client experience and build long-term relationships.
  • Passionate about security, with a keenness to develop own skills and knowledge outside of working environment.
  • Confident in recording and presenting key findings and conclusions to different levels of the business.
AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.

Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.

AVEVA

Job Detail

  • Job Id
    JD963786
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned