Threat Hunting Team Lead
Company: Binary Defense
Location: Stow
Posted on: May 26, 2023
Job Description:

Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include best-in-class Managed Detection & Response powered by a Managed Open XDR platform. The company has a 24/7 Security Operations Center that monitors its own proprietary managed EDR software as well as supporting leading network, cloud and identity solutions. Advanced threat hunting, defense validation and counterintelligence services provide additional layers of security. Our expert security staff and technology help shield businesses from cyberattacks. Binary Defense is a fast-paced business that enjoys a relaxed culture (from anywhere in the continental United States) and flexible remote work options. For the fourth year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US on the Inc. 5000 list! At the 2022 Greater Cleveland Partnership's Best of Tech Awards, Binary Defense was recognized as the Best Technology Solution for the third year in a row. We've also been named North American Partner of the Year by AT&T Cybersecurity, providing best-in-class SIEM technology and service. Binary Defense recently completed a $36 million growth equity round of funding from Invictus Growth Partners to accelerate our growth and our technology and service delivery offerings.

Binary Defense is seeking a Threat Hunting Team Lead to join our Threat Hunting Team. The Threat Hunting Team Leader position requires an experienced, analytical person who regularly performs hands-on technical work as well as guiding and mentoring employees from entry level to mid-career in threat detection engineering, threat intelligence research, practical application of threat intelligence to operations, reverse-engineering malware, developing custom software tools using scripting languages, and understanding the techniques threat actors use to compromise systems and evade detection.

A successful candidate will communicate effectively, verbally and in writing, with clients and internal team members; use strong technical analysis skills to study threat actor techniques; network with other researchers in the security community to share information about threats; and develop new tools and detection capabilities to uncover threats in network traffic and endpoint systems. The role calls for leadership, technical mentoring, and strong research and analysis skills, including an understanding of malware analysis, reverse-engineering, defense evasion techniques, and the engineering of detection capabilities. Threat Researchers and Threat Hunting Team Leaders produce products such as network detection rules (Snort or Suricata), file pattern matching rules (YARA), and SIEM or EDR threat detection rules (e.g., Splunk, Carbon Black, Azure Sentinel). Team Leaders also review the technical work of the Threat Researchers on their team and offer advice for improvement.

Threat Hunting Team Leaders hunt for advanced attackers who evade detection by existing security controls, add new detection rules and tune those rules to provide useful results, while keeping clients well informed about the work being performed and serving as the primary point of contact for clients on issues related to threat hunting tasks. The role also involves writing software tools for internal use in a variety of scripting or programming languages.

The position requires a person who exhibits empathy and compassion for team members, is comfortable making decisions, can take ownership, is deadline oriented, highly responsive, and able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics, occasional technical blogs, and optionally presentations and webinars as needed.

Threat Hunting Team Leaders will work closely with the Security Operations Center (SOC) Shift Leaders and the SOC Manager as required to help with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks. The Threat Hunting team is very collaborative and supportive of other business units, and Team Leaders must reflect and maintain that spirit of friendly cooperation.

Key Responsibilities

-- Lead a small team of Threat Researchers to provide Threat Hunting services for clients, serving as the primary point of contact for clients to discuss technical threat hunting issues, and mentoring new Threat Hunting team members to grow in their skills and abilities.
-- Reverse engineer malware using disassemblers and debugging tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida). Team Leaders who lack reverse-engineering skills but have strong detection engineering skills will also be considered for this position.
-- Based on malware analysis results and observation of attacker tactics, engineer behavioral detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources. This could include Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Suricata, Snort rules, or other pattern matching detection rules.
-- Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal, and through established partnerships with other security researchers to obtain new samples.
-- Develop new software tools as required by job duties, including software that implements non-standard network communication protocols and encrypts or decrypts data using algorithms discovered from malware analysis results.
-- Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.
-- Perform research and investigations with little to no oversight to locate information that is relevant to clients' requests, and communicate the results effectively to clients (typically interfacing with employees of the client company who are information security professionals).
-- Ensure that all written communication is professional, high quality, free of errors and clearly delivers relevant information that is of value to clients or the public.
-- Other projects and responsibilities, as assigned by the direct manager.

Requirements:

Education/Experience

-- Minimum 10 years' experience in Threat Hunting, Security Research, or Incident Response.

Other Knowledge, Skills and Abilities

-- Demonstrated leadership skills, preferably in a formal leadership role
-- Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks
-- Experience reverse-engineering malware
-- Programming and scripting experience to develop internal tools
-- Experience analyzing obfuscated scripts (e.g., PowerShell, VBA, JavaScript, .NET)
-- Superior research and technical analysis skills
-- Excellent writing and verbal communication skills
-- Understanding of cybersecurity topics and ability to explain them to others clearly
-- Proven track record of independently managing multiple research projects
-- Accountability, personal initiative, and integrity
-- Ability to take ownership, set priorities, multi-task and meet tight deadlines
-- Well-developed problem-solving and interpersonal skills
-- Excellent organizational skills with acute attention to detail

Preferred

-- Bachelor's degree in Computer Science, Digital Forensics, or a related major with an emphasis on Security
-- Advanced technical training in threat hunting, malware analysis, threat intelligence or other relevant topics
-- Recognized as a leader and contributor in the information security community, regardless of number of years of experience
-- Track record of excellent performance as a leader of information security professionals
-- Experience in a security service provider role dealing with clients
-- Experience planning, designing, and implementing security controls and systems
-- Published work (blogs, software, etc.) on threat detection engineering
-- Red team or adversary simulation experience
-- Experience teaching or guiding others to learn malware analysis techniques
-- Experience defeating packers/crypters to unpack malware samples for analysis