Senior Manager, Cyber Threat Intelligence

Kuala Lumpur, Malaysia

Job Description


At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone. If you believe in developing a better tomorrow, read on.

WE ARE LOOKING FOR

The candidate will be part of the GIS Cybersecurity team, functioning as a Senior Manager in the Cyber Threat Intelligence Team. The role requires proactively investigating security events to identify artifacts of a cyber-attack, detecting advanced threats that evade traditional security solutions, conducting threat actor-based investigations, creating new detection methodology, and supporting incident investigations and monitoring functions. Threat hunting includes using both manual and machine-assisted capabilities that aim to find the Tactics, Techniques and Procedures (TTPs) of advanced adversaries. The candidate must have a curious, investigative mindset, experience in information security, and the ability to communicate complex ideas to varied stakeholders.

  • Develop, document, and maintain the cyber threat hunting framework
  • Hunt for and identify threat actor groups, techniques, tools and procedures (TTPs)
  • Perform threat hunting through analysis of anomalous log data to detect and mitigate cyber threat activities
  • Actively develop threat hunting hypotheses, translating hunt activities into an iterative process, and automating the process of hunting for cyber threats
  • Review alerts generated by security monitoring tools and provide recommendations to enhance alerts for more efficient monitoring
  • Provide forensic analysis of network packet captures, DNS, proxies, malware, host-based security, and application logs, as well as logs from various data sources
  • Provide expert investigative support during large-scale and complex security incidents
  • Analyse security incidents to enhance security monitoring and the alert catalogue
  • Investigate and validate suspicious events using open-source and proprietary intelligence sources
  • Document and communicate findings to an array of audiences, including both technical and executive teams
  • Continuously improve processes and use cases on security monitoring tools
  • Keep up to date with information security news, adversary techniques and the threat landscape
  • Support day-to-day operations, ensuring efficient delivery of Cyber Threat Intel services

The candidate may be asked to take on an additional supporting role for strategic work and security-related projects.

Job Requirements:

  • Must have a minimum of 8 years of experience in a technical security role in one of the following areas: operating system security, network security, Internet or web security, endpoint security
  • Experience with researching and incorporating Cyber Threat Intelligence findings into the threat hunting workflow
  • Knowledge of and experience working with the MITRE ATT&CK framework, Cyber Kill Chain Model or Diamond Model
  • Experience with the incident response process, including detecting advanced adversaries, log analysis and malware triage
  • Experience with NetFlow or PCAP analysis
  • Experience with Windows file system and registry functions, or *nix operating systems and command line tools
  • Knowledge and experience in developing detection signatures (YARA, Snort)
  • Knowledge of malware and threat actor behavior, and how common protocols and applications work at the network level


Job Detail

  • Job Id
    JD968648
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned