Job Description :
Threat Detection Operation Lead
The Threat Hunter creates detection logic tailored to enterprise threat landscape using industry-specific intelligence and developed use cases. Maintains data source catalog containing information on indicators, correlations and existing detection logic. Works closely with Security Engineering in onboarding new data sources and with Cyber Threat Intelligence (CTI) personnel for development of relevant use cases across various Toyota networks while maintaining general CFC collaboration.
KEY RESPONSIBILITIES
Experience in threat hunting utilizing statistical and anomaly analysis.
Experience applying current trends identified via Cyber Threat Intelligence to threat hunt in enterprise environments.
Develop use cases and create threat detection logic, rules, and alerting in SIEM for response by IR analysts
Work with Incident Response/Detect to identify and recommend new internal and external data sources to develop additional threat detection logic
Analyze threat information gathered from logs, Intrusion Detection Systems (IDS), intelligence reports, vendor sites, and a variety of other sources and recommends rules and other process changes to protect against the same
Operationalize Indicator of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules into SIEM.
MINIMUM QUALIFICATION
BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems required
3+ years of experience in one or more of the following areas: offensive/defensive hunt techniques, offensive zero-day exploit activities, malware identification methods
2+yrs experience leading a team and mentoring the team members
Experience with content development and tuning dashboard
Expert knowledge of network monitoring and network exploitation techniques
Experience with common attack vectors, including advanced adversaries (nation state/financial motivation)
Knowledge around common web application attacks including SQL injection, cross-site scripting, invalid inputs and forceful browsing
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
Ability to learn and operate in a dynamic environment
Knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
Strong written communication skills
Experience working with cyber security tools and software such as Splunk, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets
PREFFERED QUALIFICATION
Desired certifications include, Security+, CEH, GCIA, GCIH, CISSP or similar
Experience with scripting or programming, including Perl, Python, C, C++, C#, Java, Bash/Shell, PowerShell or Batch
Experience developing detection logic for enterprise SIEM systems
Experience in IOD database MISP
Experience with exploitation techniques and use case development
Experience with IOC datasets (e.g., YARA, OpenIOC)
Schedule