Senior Cyber Threat Hunter

Found in: Talent MY C2 - 1 week ago


Cyberjaya, Malaysia | Experian | Full time

Job Description

The Experian Cyber Fusion Center (CFC) is seeking a Senior Cyber Threat Hunter to be part of a global Cyber Threat Intelligence (CTI) / Cyber Threat Hunting (CTH) team that promotes timely and actionable threat intelligence information. This is an incredible opportunity to be part of a world class organization and join a global team of highly skilled and innovative people to help us stay ahead of adversaries. The CTI / CTH team focuses on defending against emerging threats, supporting cyber investigations, and delivering situational awareness to the business.

Serve as a member of the CFC CTI / CTH team. Perform all aspects of cyber threat intelligence with a focus on cyber threat hunting, including:

  • Proactively investigate security events to identify artifacts of a cyber-attack.
  • Participate in several different areas of the CFC process, including detection use case development, security control testing, and threat hunting plan development.
  • Follow established processes and procedures related to cyber threat hunting; be flexible enough to adapt to the situation.
  • Dedicate the primary daily focus to hunting the Experian enterprise environment for threats and anomalies, using intelligence gathered from All-Source Analysts, Cyber Threat Hunters, Counter-Exploitation Specialists, and CTI tools.
  • Perform Critical Threat Defense Coordination activities until they are closed, with diligent follow-up afterwards.
  • Develop greater holistic insight and adversarial mapping to MITRE ATT&CK tactics and techniques, Common Vulnerabilities and Exposures (CVEs), and Indicators of Attack (IOAs) / Indicators of Compromise (IOCs).
  • Tell the story as it relates to threat actor activities and the steps to take in defending the environment.
  • Ensure assignments are managed and completed efficiently and effectively.
  • Maintain processes and procedures, including continuous review, adjustment, and improvement.
  • Maintain a product development and dissemination schedule.
  • Contribute to threat detection and hunting use case development through intelligence research and coordination.
  • Develop content that drives CFC monitoring and detection (use cases, prioritisation, actionable and relevant intelligence), including the creation of Cyber Threat Hunting products that describe and detail the analysis.
  • Closely monitor critical vulnerabilities, threat actors, and threat campaigns.
  • Assist with incident response analysis and forensic investigations when requested.
  • Contribute impactful, relevant, and valued CTH products, including reports and presentations.
  • Assist the CTI team as needed.

Qualifications

The primary responsibility of the Senior Cyber Threat Hunter is to proactively investigate security events to identify artifacts of a cyber-attack. The Senior Cyber Threat Hunter will support the CTI / CTH team members as well as the CFC teams (Threat Detection, Incident Response, Digital Forensics, and Insider Threat) and the Information Security teams (Vulnerability Management, Endpoint Security, Edge Security, and Risk Management).

  • 5+ years of experience in cyber threat intelligence and Security Operations Center roles: threat hunting, threat intelligence, threat detection, incident response, digital forensics, and/or counter-exploitation.
  • Experience with all phases of the incident response process, in particular detection and containment.
  • Strong understanding of the MITRE ATT&CK Framework, Cyber Kill Chain Model, VERIS A4 Threat Model, Diamond Model, and/or Course of Action Matrix, and how to leverage these for threat intelligence collection, analysis, and production activities.
  • Knowledge of common tactics, techniques, and procedures (TTPs) used by threat actors with financial and/or espionage motives, and the ability to apply this knowledge to threat detection and threat hunting activities.
  • Experience using SIEM, SOAR, and UEBA tools.
  • Strong experience in writing Splunk queries for response, investigation, and hunting activities, or the ability to quickly learn and master them, is a plus.
  • Experience using EDR and NDR tools such as SentinelOne, CrowdStrike Falcon, Carbon Black, Windows Defender, Tanium, ExtraHop and others for threat hunting is a plus.
  • Experience using and tuning Threat Intelligence Platforms (TIPs) for Indicator of Attack (IOA) / Indicator of Compromise (IOC) ingestion and tagging, feed analysis and reporting, and alerting and response. Specific experience with Anomali, CrowdStrike, ThreatConnect, and Recorded Future is a plus.
  • Experience with at least one common scripting or programming language, such as Python, JavaScript, and/or PowerShell.
  • Ability to develop detection signatures (e.g., YARA, Snort).
  • Understanding of packet analysis and how deep packet inspection toolsets can be used to support threat identification.
  • Strong understanding of the Windows file system and Registry, as well as functional knowledge of Linux and macOS.
  • Exceptional verbal and written communication skills.
  • Experience briefing executive audiences and conveying highly technical information in a clear, concise manner.
  • Strong research skills, with the ability to spot anomalies and patterns, conduct link analysis, and draw relevance to the enterprise.

Additional Information

Experian Asia Pacific leverages cutting-edge data science, inclusion and start-up mindsets to build tomorrow's credit solutions. Innovation is a critical part of Experian's DNA and practices, as is our diverse workforce, which drives our success. Everyone can succeed at Experian, irrespective of their gender, ethnicity, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together
