Cybersecurity Threat Hunter
Qualifications:
• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field.
• Equivalent work experience may be considered in lieu of a degree for highly qualified candidates.
• 5+ years of experience in cybersecurity roles, with a focus on threat hunting, incident response, and forensic investigations.
• Deep understanding of cyber attack lifecycle, adversary behaviors, and advanced threats (e.g., MITRE ATT&CK, Cyber Kill Chain).
• Experience with SIEM (Splunk, Azure Sentinel), EDR (Cybereason, Microsoft Defender), SOAR, and forensic tools.
• Proficiency in log analysis, network traffic analysis (PCAP, NetFlow), and endpoint telemetry for threat detection.
• Hands-on expertise in memory forensics, disk forensics, malware analysis, and triage investigations.
• Strong scripting and automation skills (Python, PowerShell, Bash, etc.).
• Knowledge of cloud security principles (AWS, Azure, GCP) and cloud-native threat detection methodologies.
• Ability to work under pressure and rapidly respond to high-severity security incidents.
Required Certifications (At least one):
• GIAC Certifications: GCIH (Incident Handler), GCFA (Forensic Analyst), GNFA (Network Forensics), GREM (Reverse Engineering Malware), or GCIA (Intrusion Analyst).
• Offensive Security Certifications: OSCP, CRTO, GPEN, or similar.
• Cloud Security Certifications: AWS Security Specialty, Azure Security Engineer, or equivalent.
Preferred Certifications (Bonus):
• CISSP, CISM, or other industry-recognized security certifications.
• CEH, CHFI, or similar for additional forensic and ethical hacking expertise.
Proactive Threat Hunting & Threat Intelligence:
• Conduct proactive threat hunting using SIEM, EDR, and threat intelligence platforms to detect indicators of compromise (IOCs) and advanced persistent threats (APTs).
• Develop custom detection rules and analytics based on MITRE ATT&CK, TTPs, and anomaly-based behaviors.
• Identify gaps in security monitoring and work with SOC and engineering teams to improve detection capabilities.
• Ability to correlate threat intelligence with internal telemetry to identify emerging threats.
Incident Response & Recovery:
• Lead incident response investigations, including root cause analysis, containment, eradication, and recovery of impacted systems.
• Perform digital forensics and malware analysis to understand attack vectors and minimize dwell time.
• Develop and maintain incident response playbooks, forensic methodologies, and breach response strategies.
• Collaborate with cross-functional teams to ensure effective business recovery and resilience following security incidents.
Security Analytics & Automation:
• Leverage SIEM, SOAR, and EDR/XDR solutions to correlate security events and streamline threat hunting workflows.
• Automate common investigative tasks to improve efficiency and reduce manual overhead.
• Continuously assess and refine incident detection and response procedures to stay ahead of evolving threats.
• Experience securing and monitoring network protocols (e.g., DNS, HTTP, SMB) to identify abnormal traffic patterns.
Vulnerability & Risk Management:
• Work closely with vulnerability management teams internally and with external MSSP partners to identify and prioritize remediations based on real-world exploitability.
• Assess and improve endpoint, network, and cloud security configurations to mitigate security risks.
Collaboration & Reporting:
• Provide management-level briefings and technical reports on threat hunting findings, incidents, and security trends.
• Collaborate with MSSP, security architects, and SOC analysts to enhance defensive security strategies.
• Participate in tabletop exercises, purple team engagements, and post-mortem reviews to enhance incident response preparedness.
- Department: Talent
- Locations: Costa Rica
- Remote status: Fully Remote
- Employment level: Executive / Senior Level
About CRG Solutions
CRG is a global provider of IT and Technology Solutions, Managed Services, Direct Hire & Contract Staffing.
We are focused on meeting our clients’ needs in IT support. We offer Support, Engineering, Consulting, Talent, and/or Outsourcing Services to allow our customers to focus on their core business.