Threat Hunting Team Lead

Company: Binary Defense
Location: Stow
Posted on: May 26, 2023

Job Description:

Description: Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include best-in-class Managed Detection & Response powered by a Managed Open XDR platform. The company has a 24/7 Security Operations Center that monitors their own proprietary managed EDR software as well as supporting leadings network, cloud and identity solutions. Advanced threat hunting, defense validation and counterintelligence services provide additional layers of security. Our expert security staff and technology help shield businesses from cyberattacks. Binary Defense is a fast-paced business that enjoys a relaxed culture (from anywhere in the continental United States) and flexible remote work options. For the fourth year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US on the Inc. 5000 list! At the 2022 Greater Cleveland Partnership's Best of Tech Awards, Binary Defense was recognized as the Best Technology Solution for the third year in a row. We've also been named North American Partner of the Year by AT&T Cybersecurity, providing best-in-class SIEM technology and service. Binary Defense recently completed a $36 million growth equity round of funding from Invictus Growth Partners to accelerate our growth and technology and service delivery offerings.Binary Defense is seeking a Threat Hunting Team Lead to join our Threat Hunting Team. The Threat Hunting Team Leader position requires an experienced, analytical person who regularly performs hands-on technical work as well as guiding and mentoring new to mid-level career employees in threat detection engineering, threat intelligence research, practical application of threat intelligence to operations, reverse-engineering malware, developing custom software tools using scripting languages and understanding threat actor techniques used to compromise systems and evade detections. A successful candidate will communicate effectively verbally and in writing with clients and internal team members, use strong technical analysis skills to study threat actor techniques, network with other researchers in the security community to share information about threats and develop new tools and detection capabilities to uncover threats in network traffic and endpoint systems. The job duties include leadership, technical mentoring, strong research and analysis skills, including understanding of malware analysis, reverse-engineering, defense evasion techniques, and engineering of detection capabilities. Threat Researchers and Threat Hunting Team Leaders produce products such as network detection rules (Snort or Suricata), file pattern matching rules (YARA), and SIEM or EDR threat detection rules (e.g., Splunk, Carbon Black, Azure Sentinel, etc.). Team Leaders also review the technical work of Threat Researchers on their team and offer advice for improvement. Threat Hunting Team Leaders hunt for advanced attackers who evade detection by existing security controls, add new detection rules and tune those rules to provide useful results, while keeping clients well informed about the work being performed and serving as the primary point of contact for clients to address issues related to threat hunting tasks. The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who exhibits empathy and compassion for team members, is comfortable making decisions, can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics, occasional technical blogs, and optionally presentations and webinars as needed. Threat Hunting Team Leaders will work closely with the Security Operations Center (SOC) Shift Leaders and the SOC Manager as required to help with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks. The Threat Hunting team is very collaborative and supportive of other business units, and Team Leaders must reflect and maintain that spirit of friendly cooperation.Key Responsibilities-- Lead a small team of Threat Researchers to provide Threat Hunting services for clients, serving as the primary point of contact for clients to discuss technical threat hunting issues, and mentoring new Threat Hunting team members to grow in their skills and abilities.-- Reverse engineer malware using disassemblers and debugging tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida, etc.). Team Leaders who lack reverse-engineering skills but have strong detection engineering skills will also be considered for this position.-- Based on malware analysis results and observation of attacker tactics, engineer behavioral detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources. This could include Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Suricata, Snort rules, or other pattern matching detection rules.-- Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal, and through established partnerships with other security researchers to obtain new samples.-- Develop new software tools as required by job duties, including software that implements non-standard network communication protocols and encrypts or decrypts data using algorithms discovered from malware analysis results.-- Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.-- Perform research and investigations with little to no oversight to locate information that is relevant to clients' requests, and communicate the results effectively to clients (typically interfacing with employees of the client company who are information security professionals)-- Ensure that all written communication is professional, high quality, free of errors and clearly delivers relevant information that is of value to clients or the public.-- Other projects and responsibilities, as assigned by the direct managerRequirements: Education/Experience-- Minimum 10 years experience in Threat Hunting, Security Research, or Incident Response.Other Knowledge, Skills and Abilities-- Demonstrated leadership skills, preferably in a formal leadership role-- Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks-- Experience reverse-engineering malware -- Programming and scripting experience to develop internal tools -- Experience analyzing obfuscated scripts (e.g. PowerShell, VBA, JavaScript, .Net, etc.)-- Superior research and technical analysis skills-- Excellent writing and verbal communication skills-- Understanding of cybersecurity topics and ability to explain them to others clearly-- Proven track record of independently managing multiple research projects - Accountability, personal initiative, and integrity -- Ability to take ownership, set priorities, multi-task and meet tight deadlines-- Well-developed problem-solving and interpersonal skills-- Excellent organizational skills with acute attention to detail Preferred-- Bachelor's degree in computer science, Digital Forensics, or related major with an emphasis on Security-- Advanced technical training in threat hunting, malware analysis, threat intelligence or other relevant topics -- Recognized as a leader and contributor in the information security community, regardless of number of years of experience.-- Track record of excellent performance as a leader of information security professionals-- Experience in a security service provider role dealing with clients-- Experience planning, designing, and implementing security controls and systems-- Published work (blogs, software, etc.) on threat detection engineering-- Red team or adversary simulation experience-- Experience teaching or guiding others to learn malware analysis techniques-- Experience defeating packers/crypters to unpack malware samples for analysisPI216260874

Keywords: Binary Defense, Cleveland , Threat Hunting Team Lead, Other , Stow, Ohio