⚡ ADVANCED THREAT RESPONSE UNIT LEAD ⚡
We are looking for an Advanced Threat Response Unit Lead for a pretty great client of ours. You will be responsible for cyber threat emulation (CTE), threat hunting, cyber threat intelligence (CTI) and digital forensics incident response (DFIR)!
The ATRUL will act as the team lead for the development, management and delivery of specialised capability and services with a focus on managed security, offensive and intelligence services. The ATRUL will be required to have a high aptitude and understanding of threat tactics, techniques and procedures (TTPs) and be capable of providing oversight and review of threat detections and incident response procedures in the iSOC.
This is a team of "out of the box" thinkers working for an organisation offering extraordinary benefits (get in touch to hear more about these), who pride themselves on keeping ahead of market trends and insights!
Duties of the chosen one:
- Provide Incident Response services to clients, including technical and advisory services, hands-on technical analysis and strategy.
- Lead Threat Emulation, Incident Response and Cyber Threat Intelligence capability and service offerings.
- Take a leadership role as a Subject Matter Expert in cyber incident management and preparedness, inclusive of client communication and investigation updates.
- Mentor security engineers and Security Operations Centre analysts in network security.
- Support the Global SOC Manager in training and preparing Security Operations Centre staff.
- Contribute to the managed services sales and client engagement process which includes presentations, research, scoping and tenders.
- Implement the Cyber Threat Intelligence strategy.
- Develop, manage and maintain tools, systems and integrations used to deliver threat intelligence such as Threat Intelligence Platforms (TIP).
- Conduct threat research and modeling to inform risk appreciation, production of threat advice and development of detections.
- Develop and review Standard Operating Procedures and Concepts of Operations for the ATRU.
- Provide investigation support to critical cyber security incidents, including the deployment of agents, forensic acquisition, triage and dynamic malware analysis.
- Lead threat hunting development and support to the Security Operations Centre.
- Lead the development of services and capabilities relating to CTE, CTI and DFIR.
- Be prepared to provide analytical or engineering support for specialist detection and response tools.
- Lead, support and participate in threat emulation activities such as red teaming, purple teaming, social engineering and phishing. This includes the build, maintenance and support of offensive security tools and systems.
Technical Knowledge: Luke Skywalker Level 100
- Degree in computer science or equivalent certifications/qualifications.
- Minimum 5 years of cyber security operations experience.
- Very good understanding of the different types of incidents, scenarios and situations, including an understanding of evolving threat tactics, techniques and procedures, the MITRE ATT&CK framework and threat modelling.
- Very good understanding and experience in Incident Response, Threat Emulation, Security Operations, Cyber Threat Intelligence and Malware analysis.
- Very good understanding of the cyber security landscape and security concepts.
- Very good understanding of common protocols.
- Very good understanding of security event triage and incident handling processes.
- Very good understanding of packet analysis.
- Very good understanding of malware analysis and malware capabilities.
- Very good understanding of host and network-based detections, and deception technologies.
What kind of character are you?
- Willing to work in a 24 x 7 environment. Although the ATRU normally operates in business hours, specialists need to be prepared for after hours critical incident support.
- Commitment to continual improvement, education, personal development and a willingness to learn.
- Strong troubleshooting skills and ability to manage issues through to resolution.
- Maintains strong attention to detail in high-pressure situations.
- Strong ambition and ability to develop and expand cyber security services and product support.
If you're looking for a fresh start in 2022, get in touch with Brittany and we can take it from there!
📞 0415 550 810