Overview:
Core42 CFC helps defend its clients from cyber-attacks, through timely detection, investigation and remediation of potential threats.
Our Cyber Fusion Center is a hub of innovation and expertise, where we leverage advanced technologies to stay ahead of cyber adversaries. We are currently seeking a skilled Threat Defense Operations (TDO) Specialist to join our dynamic team.
The TDO Specialist will focus on understanding the changing threat landscape, hunting for threats, building new detections, fine-tuning and improving existing detections, and ensuring appropriate security orchestration and automated detection & response coverage for Core42 CFC.
The TDO Specialist will work within the Threat Defense Operations team in the Cyber Fusion Center for Core42. The analyst will work closely with multiple teams, including incident response, threat intelligence, and security engineering, in a fast-moving and agile environment.
Responsibilities:
- Threat hunting across customers' environments, searching for attackers or remnants of their activity.
- Develop detection logic tailored to the enterprise threat landscape using industry-specific intelligence and developed use cases.
- Design, develop, and implement effective security use cases and rules within the Security Information and Event Management (SIEM) system.
- Develop and drive Security Orchestration, Automation and Response efforts for Core42 CFC.
- Operationalize Indicators of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules into the SIEM.
- Work closely with Security Engineering in onboarding new data sources and with Cyber Threat Intelligence (CTI) personnel for development of relevant use cases across various client networks.
- Coordinate with technical architects to identify and recommend new internal and external data sources to develop additional threat detection logic.
- Conduct research in areas including security principles, host and network-based security technologies, machine learning algorithms, and mitigation methods.
Essential Job Functions
- Perform threat hunting campaigns utilizing information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.
- Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and vulnerabilities.
- Develop Microsoft Sentinel content including Detection rules, Functions, Playbooks, Logic Apps and Query Time Parsers.
- Specialize in Microsoft Azure Sentinel to enhance cloud security for our clients.
- Integrate the SOAR platform with other security tools and APIs through the platform's inbuilt apps and custom apps to execute automated workflows.
- Build, test, deploy and automate content in SIEM, NDR, EDR, etc. via security orchestration and automation playbooks/workbooks.
- Research and deploy modern technologies or enhancements to support business objectives related to security detection, threat hunting, forensics, and response.
Good to have
- Experience working with various Cloud platforms, such as AWS, GCP or Azure.
- Experience working with Artificial intelligence and Machine learning technologies used for security detection.
- Experience working in, or related to, Operational Technology (OT), Industrial Control Systems (ICS) and/or IoT industries.
Qualifications:
- Should have 2+ years of experience in threat hunting.
- Should have 1+ year of experience in detection engineering / content development.
- Should have worked in an incident response team.
- Should have experience with the Elastic Stack.
- BA/BS/BE or MS degree in IT, Computer Science or equivalent required.
- 3+ years of experience in one or more of the following areas: detection engineering, proactive and reactive threat hunt techniques, security automation, incident response, digital forensics.
- 1+ years of experience with SOAR platforms such as FortiSOAR, Phantom, Cortex, XSOAR, Swimlane, etc.
- Experience with SOC SOPs, playbooks, work instructions and/or other process documents.
- Relevant professional certifications in information technology or cloud security, e.g. CISSP, CCSP, SANS 508 (GCFA), SEC504 (GCIH), Azure.
- In-depth understanding of industry-standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK).
What we look for
If you are a performance-driven, inquisitive mind with the agility to adapt to ambiguity, you will fit right in. You should be eager to explore opportunities to build meaningful collaborations with stakeholders and aspire to create unique customer-centric solutions. Bias for action and a passion to conquer new frontiers in the AI space is at the heart of the Core42 community.
What working at Core42 offers
Culture: An open, diverse and inclusive environment with a global vision that encourages personal growth and focuses on ground-breaking, industry-first innovations.
Career: Outstanding learning, development & growth opportunities via structured training programs and innovative, high-tech projects.
Work-Life: A hybrid work policy to strike the perfect balance between office and home.
Rewards: A competitive remuneration package with a host of perks including healthcare, education support, leave benefits and more.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.