Cloud Threat Hunter
WithSecure is world renowned for its security products and services for protecting endpoints and more recently cloud infrastructure.
We provide Countercept – a world leading Managed Detection and Response (MDR) service that detects and responds to cyber-attacks on behalf of our clients using a strong combination of people, process, and technology. Due to the increasing importance of cloud security, Countercept are hiring cloud threat hunters to deliver their Cloud Detection for AWS and Azure services. The service is continuously improved using knowledge from real-world attack techniques identified during Incident Response engagements or novel techniques during consulting research. The role will provide you with an opportunity to learn from our cloud experts and potentially progress into a range of cloud security roles.
The cloud threat hunter role involves both uncovering new and emerging offensive and defensive techniques and advising customers on incident management and cloud security posture.
What we need…
WithSecure Countercept are looking for a Cloud Threat Hunter to join our growing Detection and Response Team (DRT). The DRT actively monitor clients’ IT estates, develop the cutting-edge solutions on which the service is built and use their unique Threat Hunting mindset to continuously improve WithSecure Countercept’s capabilities.
We are looking for a candidate with bundles of enthusiasm, a hunger to improve their security knowledge and the desire to combat adversaries targeting our customers’ cloud environments.
- Proactively investigate cloud telemetry and log-based security events
- Manage incidents from detection to resolution
- Contribute to detection algorithms and posture management rules
- Reconstruct incident timelines based on cloud artifacts
- Research and develop PoCs for new attack techniques to uncover innovative detection capabilities
What are we looking for…
If any of these points pique your interest, you will seamlessly integrate into the team and succeed:
- You are excited about a cloud-focused, research-driven, hands-on detection and response operation
- You love nothing more than reading about attacker techniques and are keen to thwart them, as well as respond to the ever-evolving threats they present to our clients.
- You are both using and developing cutting-edge tools to aid detection and response and are keen to keep up with the latest industry developments.
- You relish the thought of real-world experience responding to attacks of all levels, from script kiddies to nation states, and look forward to sharing this experience and knowledge with the rest of the team and the industry at large.
- You keep up with the latest cloud security developments and architecture best practices, and are an avid reader of things like /r/netsec to get your security knowledge fix.
The Countercept platform is a dynamic and rapidly evolving product, which is heavily research-led. The ideal candidate would be able to contribute to enhancing the capability of the service, whether through direct development, research activities or media opportunities.
The ideal candidate should also have solid experience in both offensive and defensive security areas: penetration testing, incident response or, ideally, a mixture of both.
Essential skills for a Senior Cloud Threat Hunter:
- Awareness and good understanding of the state of offensive techniques and APT TTPs in cloud environments.
- Awareness and understanding of cloud security best practice, including cloud configuration.
- Experience with alert and reported incident triage, ability to assess the need for escalation along with the applicability of any relevant procedures in a given case.
- Ability to analyse data efficiently and identify potential anomalies in event/management plane data.
- Willingness to operate between offensive and defensive security operations.
- Intermediate to advanced Python skills. Familiarity with code distribution, maintenance, and version control.
- Ability to generate new ideas, plan and execute research projects.
Desirable skills for a Senior Cloud Threat Hunter:
- Strong understanding of AWS IAM and/or Azure AD & RBAC, as well as how the most pervasive cloud compromises relate to these.
- Experience investigating potential compromises.
- Experience participating in coordinated response to real-world security incidents.
- Experience with common network traffic analysis platforms and/or SIEM solutions.
- Mentorship of junior members of the team.
Our four promises to you…
- Freedom – you will have the opportunity to define new ways of working, how we engage with our customers, and how product value gets represented.
- You will work together with experienced and enthusiastic colleagues, and within WithSecure you'll find some of the best minds in the cyber security industry.
- Your work will be clearly visible and recognised – all over the world and across our business units.
- You can rely on the support from the entire WithSecure leadership including our top executives.