Threat Hunter and Incident Response Expert - Gurgaon, India - Coralogix

Coralogix
Coralogix
Verified Company
Gurgaon, India

1 month ago

Deepika Kaur

Posted by:

Deepika Kaur

beBee Recuiter
Description

Snowbit is a cybersecurity technology innovator with a vision to empower organizations across the globe to quickly, efficiently, and cost-effectively ready themselves to address omnipresent cyber risk.

Towards this end, Snowbit, built off years of Israeli cybersecurity experience, offers the broadest managed detection and response offering available today.

Snowbit is part of the Coralogix group.

Coralogix is rebuilding the path to log observability by offloading the burden of indexing and providing deep insights into accumulated data, at an infinite scale, for less than half the cost.


This is a team of experts with vast cybersecurity experience focused on research on cloud and enterprise systems to identify emerging threat trends/vectors as well as gaps and opportunities within existing enterprise cybersecurity frameworks.


What Will you do?
-
Threat hunt inside our customer logs and environments to discover existing malware or threat actors that compromised their network.

  • Treat
    incident response cases from start to finish, including identifying the threats, machine/network/cloud forensics, creating timelines, and consulting customers on IR and mitigation steps.
  • Producing reports for customers on your threat hunting / Incident response cases.
  • Research emerging attacks, technologies, threats, and vulnerabilities in SaaS and enterprise products and create actionable alerting scenarios to catch them through Coralogix/Snowbit system.
  • Investigate logs from security systems to detect intrusions or misconfigurations and create detections based on your findings.
  • Write detection rules documentation with actionable recommendations for mitigations.
  • Publish your findings internally for customers and externally for blog/marketing needs.
  • Work with our customers to investigate anomalies and incidents and create custom detections and next step recommendations.

Responsibilities will include:

-
On-demand Incident response treatment for serious incidents raised by our Security resource center or customers.
-
Research new attack vectors, including identification, with respect to novel attack vectors including their iteration/evolution and related mitigations across the enterprise IT landscape.

  • Collaborate with Product and Engineering to leverage research findings to evolve Snowbit product and knowledge base.
  • Be a knowledge source for new and emerging threats, incident response processes, and threathunting activities including mentoring the team on your findings and methods.
  • Evaluate & recommend new security technologies and help shape the product with your insights and expertise.
  • Regular updates to internal teams and customers on research findings.
  • Active participation in public cybersecurity media/forums/events.

Requirements:


  • 5+ years of experience in
    handson
    threat hunting and incident response in large, complex, security organizations and a proven track record in cybersecurity research, specializing in either APTs or cybercrime.
  • Handson experience in threat hunting and incident response on
    cloud environments (AWS, Azure, GCP) and SaaS products (Okta, Google workspaces, Github etc).
  • Experience in securing onprem, cloud and SaaS environments and how organizations protect themselves from attacks (including handson experience with common tools and products
  • FW, IDS/IPS, WAF, EDRs, SIEM etc). familiarity with common
    cloud and SaaS attack vectors and misconfigurations.
  • Handson experience with
    machine forensics including analyzing disk, memory, and network artifacts on
    Windows and Linux machines.
  • Handson experience with
    malware analysis / DFIR in a custombuilt sandbox environment (Dynamic & Static, including tools like
  • IDA Pro, Ollydbg, Wireshark),

Reverse engineering experience -
a plus.

  • Solid understanding of the
    cyber security kill chain (MITRE ATT&CK/D3FEND), identifying security vulnerabilities, typical attacker exploit techniques, and related mitigations and remediations.
  • Experience in
    working closely with customers from the alert phase, through treat hunting, raising, and treating an incident (including machine forensics as needed) including the removal of the threat and producing a concluding report for the customer.


  • Great communication skills

  • Fluent in english, spoken and written with a positive and helpful attitude.
  • Handson experience with
    query languages (Kibana/KQL/Lucene, Splunk), working with JSON files and writing complex queries and rules.
  • Development of threat hunting automation (threat hunting scripts, IOC gathering scripts)
    a big plus.
- **An innovative mind with keen attention to detail and the ability to set his own goals and parameters for success, investigate and implement solutions and recommendations for the customer benefit.
More jobs from Coralogix
See all jobs of Coralogix