Job Description

Proactively \'hunt\' for potential malicious activity and incidents across the environment using advanced threat network and host-based tools adopting Mitre Attack Framework. \xe2\x80\xa2 Perform hunting for malicious activity across the network, endpoint, and Critical Assets. \xe2\x80\xa2 Create hunting hypothesis and perform IOCs & TTPs based threat hunting and share reports with the management weekly on the findings, misconfiguration, use case development and provide suggestions for counter measurement. \xe2\x80\xa2 Expertise in hunting, managing, and writing detections using logs from Endpoint Detect and Response solutions like Carbon Black EDR, CrowdStrike EDR & Cortex XDR etc. \xe2\x80\xa2 Research on different TTP\'s for ATP Threat groups which are used by attackers during the sophisticated Cyber-attacks. \xe2\x80\xa2 Collaborates with technical and threat intelligence team to provide indications and warnings and contributes to predictive analysis of malicious activity. \xe2\x80\xa2 Perform cyber security threat hunting & detection activities with specific focus on countermeasure Tactics, Techniques and Procedures (TTPs) \xe2\x80\xa2 Contribute to the tuning and development of security information and event monitoring systems (SIEM) use cases and other security control configurations to enhance threat detection capabilities. \xe2\x80\xa2 Familiarity with threat modelling, development of attack plans, performing manual & automated Ethical Hacking, & develop proof of concept exploits. \xe2\x80\xa2 Evaluates new security technologies and products and performs engineer-level work and analysis to determine if solutions should be pursued. Additional Details: \xe2\x80\xa2 It\xe2\x80\x99s a client serving role \xe2\x80\x93 there will be KPIs and SLAs expected on role service tasks. \xe2\x80\xa2 Location is at client\xe2\x80\x99s premises \xe2\x80\x93 Synapxe ASOC\xe2\x80\x99s current location is at Serangoon but they will be moving to One North sometime in Q3 , Q4 2024. \xe2\x80\xa2 ASOC operates on a 24x7 basis, though contract states 7am to 530pm for working hours, TH and IR folks are expected to support after business hours in the event of an incident.

ITCAN