Experience with security technologies such as SIEM, IDS/IPS, HIDS/HIPS, anomaly detection, firewalls, antivirus, and Endpoint Detection and Response (EDR) tools, including the log output each produces.
Experience in analyzing large data sets.
Experience with data mining, analytics, and visualization tools, such as data lakes (Elastic, HDFS), Linux command-line tools (e.g. grep, cut, sort), and regular expressions.
Experience with industry frameworks and taxonomies such as the Cyber Kill Chain, MITRE ATT&CK, MITRE CAPEC, MITRE CAR, NIST, CIF, SANS, and STIX 2.0.
Skills to analyze attack vectors against a particular system to determine the attack surface.
Ability to produce contextual attack models applied to a scenario.
Ability to describe intrusion sets in terms of the Cyber Kill Chain and their Tactics, Techniques, and Procedures (TTPs).
Ability to coordinate with other security focal points during an active incident.
Knowledge of security controls, how they are monitored, and how attackers can bypass them.
Knowledge of vulnerability detection and response from a Threat Hunting point of view.
Network forensics: network protocols, traffic analysis (e.g. network flows and PCAP), and intrusion detection.
Required Professional and Technical Expertise:
Analytical, logical, and problem-solving skills.
Knowledge of cyber security threats, threat actors, and their associated TTPs.
Knowledge of the OSI model layers.
Knowledge of security tools at the application, data, network, and endpoint layers.
Knowledge of malware analysis and malware functionality.
Knowledge of native system and network policies.
Knowledge of query and rule languages such as regular expressions, YARA and Snort rules, AQL, and KQL.
Basic knowledge of scripting languages such as Bash, Python, and PowerShell.
Knowledge of log formats (syslog, HTTP server logs, database logs) and how to collect forensic evidence that can be traced back to a security event.