Job Responsibilities

• Create Threat Models to better understand the IT Enterprise,identify defensive gaps and priorotize mitigations
• Research trending campaigns,attach vectors and search for these in business unit enviroments
• Utilize Threat Intelligence and Threat Models to create threat hypotheses
• Plan and scope Threat Hunt Missions to verify threat hypotheses
• Proactively hunt for new patterns,activities, and ever-changing tactics associated with advances threat actors and iteratively search through host,network and application logs in addition to malware and code to detect advanced threats
• When needed,work with alerts from SOC Analysts,to perform in depth analysisi and triage threat activity based on host and network activity,traffic,and protocol analysisi to identify infection vendors,the extent of the infection,and prepare high quality reports based on findings.
• When necessary,devise and document new techniques,automation and procedures along with the service leadership
• Document actions taken in a ticketing workflow management system and update and maintain SOPs,playbooks,work instructions
• Prepare and report risk analysis and threat findings to appropriate stakeholders
• Create,recommend and assist with development of new security content as the result of hunt missions to include signatures,alerts,workflows and automation
• Coordinate with different teams to improve threat detection,response and improve overall security posture of the Enterprise
• Respond to business unit specific investigation requests around software/application vulnerabilities,zero days,and security incidents
• Be tool agnostic and we value concepts over tools.The ideal candidate must possess an acute ability to adapt to any tool
• Adhere to internal opearational security and other JKG policies
• Foster a culture of collaboration and build team members strenghts
• Implement risk management programs for business units by utilizing NIST,CIS compliance frameworks

Person Specifications

Required

• Bachelor’s degree
• Must be able to obtain and maintain the required clearance for this role
• 3 plus years experiecne serving as a SOC Analyst or Incident Responder or working in security information and or technology engineering support experience
• Extensive knowledge on endpoint,threat intelligence,possible attack activities such as network probing and scaning,DDOS,malicious code activity,etc, as well as the functioning of specific applications or underlying IT infrastructure including common network infrastructure devices such as routerd and switches,networking protocols such as TCP or IP,DNS,HTTP/S
• Experiece in security technologies such as Security information and event management(SIEM),IDS/IPS,Data Loss Prevention (DLP),Proxy,Web Application (WAF),Endpoint detection and response (EDR), Anti-Virus,Sandboxing,network and host based firewalls,Threat Intelligence,forensic tools,malware analysis,Penetration Testing,etc.
• Knowledge of Advanced Persistent Threats(APT) tactics,techniques and procedures
• Strong analytical and problem solving skills
• Ability ro work independently with minimal direction,self starter/self motivated
• Excellent spoken and written communication skills

Preferred

• Basic knowledge in programming langauges such as python,Java,Ruby or Kusto Query Language (KQL)
• Works well both in team enviorment and independently
• Excellent interpersonal and organizational skills
• Self motivated to improve knowledge and skills
• A strong desire to understand the what and why and the how of security incidents
• Prior professional service experience
• Certifications (ex CompTIA Cybersecurity Analyst (CySA+),Certification in Certified Intruion Analyst (GIAC), Continuos Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent)