Key Words: Threat hunting, Malware Analysis, Process Injection, Covert C2, EDR, APT, Automated and Manual Malware Analysis
Role: Threat Hunter
Industry: Security, Information & Technology
Function: Malware Analysis, Threat Hunting, Research, Reporting, Manage Events and Triage
About Our Client
Our client provides an evolving, research-led platform that monitors target networks 24/7 to support clients worldwide. Our client also provides high-quality testing and consultancy services to their clientele. They specialise in Security, Penetration Testing, Red Teaming, PCI & Payment Security, Research, Security Assessments, Compliance, Mobile Security, Incident Response, Scanning Services, Training, Threat Modelling, Cyber Security, Cyber Defence, and Phishing Assessments.
About the Threat Hunter role
- You will work with a group of established threat hunters, focused on carrying out and supporting investigations of day-to-day incidents detected by the company’s Managed Detection and Response service for our customers, and on performing research to continuously improve its capability.
- Proactively investigate host, network and log-based security events
- Manage events and triage from detection to resolution
- Static/Dynamic Malware Analysis
- Advanced Host, Network, and Memory Forensics
- Support/mentoring of junior threat hunters
- Liaise with clients and report potential findings from both a technical and business perspective
- Perform research to develop the company’s service.
- Being research-led is a key part of how the company develops its service and capabilities. As such, you will be given at least 25% of your time dedicated to research. This time can be spent on a wide range of activities that progress the capability, and outputs such as blogs, white papers and conference talks are encouraged!
- The company’s service monitors target networks 24/7, 365 days a year; however, work is distributed between the UK, Poland and Singapore offices. As such, hunters are expected to work on a rotational basis, including weekends, but would not work night shifts.
Please note: Interested Applicants must be able to work in Singapore.
- You work in the following areas: “threat hunting”, “malware analysis”, “process injection”, “covert C2”, “EDR” and “APT”
- You are passionate about spotting the latest attacker techniques in the wild and using your experience to thwart and respond to the ever-evolving threats they present to our clients.
- You are both using and developing cutting edge tools to aid detection and response and are keen to keep up with the latest industry developments.
- You will have real-world experience responding to attacks of all levels, from script kiddies to nation-states, and relish sharing this experience and knowledge with the rest of the team and the industry at large.
- You keep up with the latest industry developments, are an avid reader of things like /r/netsec and follow swathes of awesome researchers on Twitter to get your security knowledge fix.
- You would be able to contribute to enhancing the capability of the service, whether through direct development, research activities or media opportunities.
- You will have solid experience in both offensive and defensive security areas, either penetration testing, incident response or ideally a mixture of both.
- The role will also involve client-facing functions, including investigative reporting, breach assistance and general client technical account management.
- You are highly motivated, eager to learn and not afraid to get stuck in; being able to work autonomously as well as part of a team is essential. The ability to effectively triage and prioritise rapidly evolving incidents, utilising a team of threat hunters and IR practitioners for support, is crucial.
- Strong knowledge of core IP networking and common protocols
- Strong understanding of Windows and Linux internals
- Hands-on experience of network, memory and host forensics
- Hands-on experience of automated and manual malware analysis (static and dynamic)
- Hands-on experience investigating & responding to compromises by advanced attackers
- Mixed skillset covering both offensive and defensive security
- Proven coding experience with C++, C#, Ruby and similar
- Proven scripting experience with Python/PowerShell/Bash/WMI and similar
- Experience with modern offensive techniques and APT TTPs.
- Experience with common network traffic analysis platforms and/or SIEM solutions
If you are interested in learning more about the above job role or any other job opportunities, please apply to this job advertisement or alternatively contact the following consultant:
SearchElect Pte. Ltd. adheres to the Singapore Ministry of Manpower Tripartite Guidelines on Non-Discriminatory Job Advertisements, about which you can find more information HERE. If you feel any part of this job advertisement is discriminatory, please immediately raise it to our attention via firstname.lastname@example.org. We take these matters seriously and thank you for your cooperation.