Threat Hunting Analyst
- Working Location: Mons, Belgium
- Security Clearance: NATO Secret
- Language: High proficiency level in English language
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
A university degree at a nationally recognised/certified university in a technical subject with substantial Information Technology (IT) content and two years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 4 years of extensive and progressive expertise in the duties related to the function of the post.
Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
Experience in analysis of threat actor group attack patterns, tactics, techniques and procedures (TTPs)
Knowledge of the TaHiTI threat hunting methodology and the MITRE ATT&CK framework
Strong analytical and problem-solving abilities; ability to identify patterns, detect anomalies and make accurate, informed decisions
Experience in performing in-depth cyber security analysis in large, complex networks using security use cases, relevant datasets and documentation
Expertise in at least three of the following areas and a high level of experience in several of the other areas:
Cyber security threat hunting
Security Information and Events Management systems (SIEM), e.g. Splunk
Splunk processing language
Network and host-based intrusion detection systems
Sysmon configuration, Windows and Linux log analysis
Full Packet Capture systems (FPC), e.g. Niksun, RSA/NetWitness
Data visualisation and statistical analysis
Technical report writing
Desirable Qualifications/Experience:
A good understanding of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures
Strong knowledge of malware families and network attack vectors
Experience in intrusion detection and incident handling
Ability to analyse attack vectors against a particular system to determine attack surface
Industry-leading certification in the area of cyber security, such as GCFA, GCIA, GNFA
DUTIES/ROLE:
Provide subject matter expertise supporting the end-to-end threat hunting process
Develop hypotheses to be used in a threat hunt for given threat groups
Create security tool content, such as searches, reports and dashboards, to facilitate threat hunting
Perform in-depth analysis to deliver conclusions and recommendations
Review and develop logging configurations to enable a comprehensive threat hunting capability
Develop and document threat hunting procedures
Document analysis findings and recommendations in reports and presentations to be delivered to stakeholders
Tasks in support of NATO network monitoring and other NCSC Operations branch activities