Cyber Threat Hunt Consultant m/f/d

  • DXC Technology
  • Freiburg im Breisgau, Germany
  • 26/04/2021
  • Full time
  • Tags: Data Science, Data Analytics, Big Data, Data Management, Statistics

Job Description

The main goal of Cyber Threat Hunting is to proactively identify undetected cyber threats affecting DXC's customers. To accomplish this, the Cyber Threat Hunt Consultant must be able to identify and effectively leverage trustworthy open- and closed-source cyber threat intelligence feeds and to comprehensively analyze actionable cyber threat observables pertinent to those organizations. The Cyber Threat Hunt Consultant should have a strong familiarity with the principles of network and endpoint security and with current threat and attack trends, an understanding of the OSI model, and a working knowledge of defense-in-depth strategies, in order to identify emerging and persistent threats to the organization's networks, systems, and applications.

Responsibilities:

  • Define threat models for customers, formulate hypotheses about threats, and analyze and correlate customer data accordingly, leveraging host, network and other logs
  • Investigate and assess the impact of security events based on hits on indicators of compromise (IOCs) or behavioral patterns (Tactics, Techniques, and Procedures, TTPs)
  • Develop innovative ways to detect threats and anomalous behavior leveraging logs
  • Lead the detection, investigation and resolution of security events
  • Conduct detailed security event analysis from network traffic attributes and host-based attributes (memory analysis, binary analysis, etc.) to identify information security incidents
  • Report findings to customers and advise them on how to strengthen their security posture
  • Identify and propose areas for improvement within Threat Hunting and Incident Response

Personal skills and qualities:

  • Good communication skills and a customer-centric focus: the ability to communicate clearly and in a timely manner with all customers, partners and users, internal and external
  • Good analytical and troubleshooting skills
  • Good report writing skills
  • Team player: able to collaborate and cooperate with members of the team and of other teams
  • Understanding of 24x7 mission critical enterprise computing environments and the impact of service disruption on a company’s bottom line
  • Ability to pro-actively learn new technology, processes and other skills
  • Able to pro-actively search for solutions in knowledge bases, support documentation and other information sources
  • Keen interest in continual learning and professional development
  • Flexible, self-motivated with the ability to work under pressure in an international and culturally diverse organization

Technical skills:

In General:

  • Experience with EDR technologies
  • Experience with forensic investigation tools
  • Knowledge of IT operations and infrastructure services support (NT/UNIX systems, storage, backups, databases or network management), security incidents and security processes
  • Understanding of ITSM/ITIL processes

Experience and/or certification in three or more of the following security realms:

  • Threat Monitoring & Alerting, Threat Analysis & Response, Cyber Threat Intelligence
  • Security Incident Response (SIR) / Security Incident Management (SIM)
  • Security Operations - Security Event Management, GCIRT, Endpoint Security, IDS alert analysis
  • Network Security - VPN, IPsec, SSL, Apache Web Server, iptables, DNS, IP, firewall logs, TCP/UDP, SSH, proxy log analysis
  • System Logs – Unix, Linux, Windows
  • Malware Analysis, Reverse Engineering
  • Penetration Testing, Adversarial Emulation, Red Team exercises, Vulnerability Management
  • Security Architecture Design, Security Risk Assessment, Audit Facilitation & Remediation
  • Mobile device security

Education (degree) and professional experience required:

  • University degree/diploma in Computer Science, Computer Engineering, Electrical Engineering, Management Information Systems or equivalent certifications (CHFI, CISSP, CEH, CompTIA Security+, GCIH, GREM, GCFA)

3+ years’ hands-on technical knowledge in:

  • Endpoint Detection and Response (EDR)/Network Security Monitoring (NSM) tools, or
  • Monitoring and analysis of event logs/system logs from Windows operating systems or Unix/Linux operating systems, or
  • Monitoring and analysis of event logs/system logs from network devices (e.g. Cisco PIX, switches, routers, VPN gateways) or network captures

Other requirements:

  • Fluent in English

The DXC location for this position in Germany is Freiburg