Cyber Threat Hunter – Careers at John Keells Group – Colombo – LK.

  • Post Date: October 24, 2021
Job Overview

Cyber Threat Hunter

Threat Hunting Service | Managed IT Services and Cyber Security Services Company | 24 X 7

The John Keells Holdings PLC (JKH) Security Operations Center (JSOC) is a program responsible for preventing, identifying, containing and eradicating cyber threats to JKH networks through monitoring, intrusion detection and protective security services for JKH information systems, including local area networks/wide area networks (LAN/WAN), the commercial Internet connection, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.

The JSOC is responsible for the overall security of Enterprise-wide Workloads, Controlled Networks and Devices, and collects, investigates and reports any suspected and confirmed security violations.

JKH has an immediate need for a Cyber Threat Hunter to join our JSOC Cyber Team. The ideal Cyber Threat Hunter is someone who is process driven, curious, and enjoys identifying patterns and anomalies in data that are not immediately obvious.

Job Responsibilities

  • Create Threat Models to better understand the IT Enterprise, identify defensive gaps and prioritize mitigations
  • Research trending campaigns and attack vectors, and search for these in business unit environments
  • Utilize Threat Intelligence and Threat Models to create threat hypotheses
  • Plan and scope Threat Hunt Missions to verify threat hypotheses
  • Proactively hunt for new patterns, activities and ever-changing tactics associated with advanced threat actors, iteratively searching through host, network and application logs, in addition to malware and code, to detect advanced threats
  • When needed, work with alerts from SOC Analysts to perform in-depth analysis and triage threat activity based on host and network activity, traffic and protocol analysis, in order to identify infection vectors and the extent of the infection, and prepare high-quality reports based on findings
  • When necessary, devise and document new techniques, automation and procedures along with the service leadership
  • Document actions taken in a ticketing workflow management system, and update and maintain SOPs, playbooks and work instructions
  • Prepare and report risk analysis and threat findings to appropriate stakeholders
  • Create, recommend and assist with development of new security content as the result of hunt missions, including signatures, alerts, workflows and automation
  • Coordinate with different teams to improve threat detection and response and the overall security posture of the Enterprise
  • Respond to business unit specific investigation requests around software/application vulnerabilities, zero days and security incidents
  • Be tool agnostic; we value concepts over tools. The ideal candidate must be able to adapt to any tool
  • Adhere to internal operational security and other JKG policies
  • Foster a culture of collaboration and build team members' strengths
  • Implement risk management programs for business units by utilizing NIST and CIS compliance frameworks

Person Specifications

  • Bachelor’s degree
  • Must be able to obtain and maintain the required clearance for this role
  • 3+ years' experience serving as a SOC Analyst or Incident Responder, or in security information and/or technology engineering support
  • Extensive knowledge of endpoints, threat intelligence and possible attack activities such as network probing and scanning, DDoS and malicious code activity, as well as the functioning of specific applications and the underlying IT infrastructure, including common network infrastructure devices such as routers and switches and networking protocols such as TCP/IP, DNS and HTTP/S
  • Experience in security technologies such as Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network and host based firewalls, Threat Intelligence, forensic tools, malware analysis, Penetration Testing, etc.
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
  • Strong analytical and problem solving skills
  • Ability to work independently with minimal direction; self starter/self motivated
  • Excellent spoken and written communication skills

  • Basic knowledge of programming languages such as Python, Java, Ruby or Kusto Query Language (KQL)
  • Works well both in a team environment and independently
  • Excellent interpersonal and organizational skills
  • Self motivated to improve knowledge and skills
  • A strong desire to understand the what and why and the how of security incidents
  • Prior professional service experience
  • Certifications (e.g. CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent)

Job Detail
  • Offered Salary: Not Specified
  • Career Level: Not Specified
  • Experience: 3 Years
  • Gender: Both
  • Industry: IT-Software
  • Qualification: Bachelor's Degree