Gsoc Cti Senior Cyber Threat Hunter

Company Description Experian is the world’s leading global information services company. During life’s big moments - from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers - we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime. We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity. **Job Description**: Experian GSOC is seeking a Senior Cyber Threat Hunter to be part of a global Cyber Threat Intelligence (CTI) team that promotes timely and actionable threat intelligence information. This is an incredible opportunity to be part of a world class organization and join a global team of highly skilled and innovative people to help us stay ahead of adversaries. The CTI team focuses on defending against emerging threats, supporting cyber investigations, and delivering situational awareness to the business. The primary responsibility for the Senior Cyber Threat Hunter is to proactively investigate security events to identify artifacts of a cyber-attack. They will also be expected to participate in several different areas within Security Operations and Incident Response process; these activities can include malware reversing, digital forensics, use case development, security control testing, and hunt plan development. The Senior Cyber Threat Hunter serves as a member of the GSOC CTI team. Perform all aspects of cyber threat intelligence with a focus on cyber threat hunting, to include: - Assist with developing core foundational components of the Cyber Threat Hunting program. - Dedicate primary daily focus to hunt the Experian environment for threats and anomalies with intelligence gathered from CTI sources. - Develop content that will drive GSOC monitoring and detection (use cases, priority, actionable and relevant intelligence) this includes the creation of Threat Hunting Products (CTITH) to describe and detail analysis. - Develop processes and procedures for tactical information collection, analysis and dissemination. - Ensure assignments are managed and completed in an efficient and effective fashion. - Follow all processes and procedures outlined in the Wiki. - Closely monitor critical vulnerabilities, threat actors, threat campaigns and threat actor TTPs. - Develop greater holistic insight and adversarial mapping to MITRE ATT&CK tactics and techniques, Common Vulnerabilities and Exposures (CVEs), Indicators of Attacks (IOAs) / Indicators of Compromise (IOCs). - Develop a repository of SOPs, playbooks, and checklists for hunting that aligns to MITRE ATT&CK techniques and the availability of current data. - Save past "hunts" or queries for tracking and collaboration purposes (saved work can transform one-time hunts into persistent queries). - Assist with Incident Response analysis and forensic investigations when requested. **Qualifications**: - 5+ years of experience in a technical security role in one of the following areas: threat detection, incident response, malware analysis, exploit development, and/or red team experience. - Strong understanding of incident response process, specifically with detection and containment. - Working knowledge of the Cyber Kill Chain Model, Diamond Model, Course of Action Matrix, and MITRE ATT&CK Matrix and how each methodology can be applied to threat hunting. - Experience in detecting advanced attack methodologies via log analysis and/or endpoint tools. Experience using event management tools (example: ArcSight, Splunk, or QRadar for analysis and use case development.) - Understanding of packet analysis and how deep packet inspection toolsets can be used to support threat identification. - Experience with at least one common scripting or programming languages, such as Python, JavaScript, and/or PowerShell. - Strong understanding of the Windows file system and registry functions or *NIX operating systems and command line tools. - Knowledge of common tactics used by attackers and methods for detection. - Capable of developing detection signatures (YARA, SNORT). Additional Information Our benefits include: Medical, life and dental insurance, Asociación Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more. LI-GJ1 Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here - Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and lo