Cyber Security Threat Hunter


MLC Life Insurance and Nippon Life Insurance Group have joined hands working together to protect Australians when they need it most.

Summary about this job

Security

Company: MLC Life Insurance

Location: Melbourne

Work type: Full Time

Salary: n/a

Phone: +61-8-2784-1880

Fax: +61-2-8528-5702

E-mail: n/a

Site:

Job details: Cyber Security Threat Hunter

  • Exciting role for anyone interested in joining our technology team
  • Docklands Location - The amazing new Collins Square
  • Or North Sydney if you prefer!

The Cyber Security Threat Hunter is responsible for assessing and coordinating the current and planned security posture of MLC's data network infrastructure and platforms, providing recommendations for improvement and risk reduction; identifying and proposing process improvements, and opportunities for new processes and procedures, that reduce risk; supporting security incident response as required; and acting as first-line responder to reported or detected incidents.

 

Key Accountabilities:

 
Threat Hunting

  • Design and build custom tools for investigations, hunting, and research
  • Assist in the design, evaluation, and implementation of new security technologies
  • Lead response and investigation efforts into advanced/targeted attacks
  • Hunt for and identify threat actor groups and their techniques, tools and processes
  • Identify gaps in IT infrastructure by mimicking an attacker's behaviours and responses
  • Provide expert analytic investigative support of large scale and complex security incidents
  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalogue
  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations
  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • A passion for research, and uncovering the unknown about internet threats and threat actors

Security Incidents

  • Lead Incident Handling efforts
  • General SIEM monitoring, analysis, content development, and maintenance
  • Research, analysis, and response for alerts; including log retrieval and documentation
  • Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
  • Compile detailed investigation and analysis reports for internal consumption and delivery to management
  • Track threat actors and associated tactics, techniques, and procedures (TTPs)
  • Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors
  • Analyse network traffic, IDS/IPS/DLP events, packet capture, and FW logs
  • Analyse malicious campaigns and evaluate effectiveness of security technologies
  • Develop advanced queries and alerts to detect adversary actions 

Cyber Intelligence

  • Serve as the subject-matter expert providing cyber threat and intelligence technical support to all in-scope sites.
  • Monitor external threat intelligence sources (e.g. CERT advisories, vendor security bulletins and open-source feeds) to assess the risk to infrastructure and services.
  • Identify credible new intelligence and subject-matter resources relevant to current and emerging threats.
  • Review information security audits of IT systems; track and manage identified vulnerabilities to maintain visibility of issues through to mitigation, and report on their status.
  • Support the ongoing capture and submission of information security management metrics to drive continual improvement of the ISMS.
  • Support the definition and reporting of intelligence metrics.

Application Security

  • Establish security best practices and processes for our on-premise and cloud-based platforms.
  • Provide expert knowledge and guidance to product teams on security vulnerabilities and remediation controls.
  • Perform architectural risk analysis and threat modelling, secure design review and source code review.
  • Establish a supply-chain security process and ensure third-party software meets the required standards.
  • Perform secure code review across a variety of programming languages
  • Help tune Web Application Firewalls (WAF) and modify WAF policy to virtually patch applications where required

Information Security Assurance

  • Identify gaps, recommend security enhancements and implement appropriate controls to manage information risks effectively.
  • Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess the residual risk.
  • Maintain strong working relationships with the individuals and groups involved in managing information risk across the organisation; work with other platform teams and Management Assurance to meet regulatory and compliance standards.

 

Skills & Experience:

  • 7+ years in information security.
  • Strong experience with multiple network operating systems.
  • Strong experience with cloud provider network ecosystems, including Amazon AWS and Microsoft Azure.
  • Strong experience with logging and alerting platforms, including SIEM integration.
  • Current understanding of industry trends and emerging threats.
  • Working knowledge of incident response methodologies and technologies.
  • Familiarity with the latest security vulnerabilities, advisories, incidents and penetration techniques; understanding of attacks and selection of countermeasures.
  • Good experience in cyber threat intelligence and analysis, security monitoring and incident response.
  • Knowledge and experience of Windows and Linux operating systems, baseline security configurations and patch management for these OSs.
  • At least one of the following certifications: CISSP (or CISSP Associate) and/or OSCP.
  • Ability to adapt communication approach, language and style to different audiences.
  • Experience working in a regulated financial services environment.

 

You will be joining the Infrastructure, Workplace & Security Platform Management Team. We're an ambitious team with big goals. You'll be there to drive a secure and compliant technology estate and to oversee the security platform strategy as it develops, the performance as it tracks, and the celebrations as we succeed.

 

MLC Life Insurance supports an inclusive workplace and celebrates diversity. Through our diversity we are more innovative, make better decisions, and have a richer understanding of our customers and people.

Interested? Apply Now!
