Cyber Threat Hunt Analyst

Surgo (PTY) Ltd. has partnered with a global analytics and digital solutions company serving industries including insurance, healthcare, banking and financial services, media, retail, and others. They aim to bridge the gap between digital expectations and real outcomes for international companies with Digital Intelligence.

Our client is recruiting for a Cyber Threat Hunt Analyst to join their team based in Cape Town.

**Job purpose**:
The role will support and advise on product assessments, policy adjustments, and architectural transformation that will impact regional and global locations. The position requires someone with technical expertise and will provide influence on the design of detective, preventive, and proactive controls.

**Responsibilities**:
Identify and track threat actor groups and their TTPs while maintaining current knowledge of tools and best practices of APT groups

Perform cyber threat hunting activity using threat intelligence, analysis of anomalous log data, and related tools

Collect, enrich, and disseminate IOCs - Indicators of Compromise

Use the MITRE ATT&CK framework to analyze malicious campaigns and evaluate the effectiveness of security technologies and controls

Determine true threats, false positives, and network system misconfigurations and provide recommendations and solutions to issues detected

Monitor the organization’s attack surface against the current threat landscape

Support the Cyber Threat Intelligence team to provide threat informed defenses that will improve prioritization of preventative controls and mitigations to improve defense posture

Engage and collaborate with Red Team to analyze and evaluate the effectiveness of existing security controls

Support Cyber Threat DFIR for internal incidents by performing cyber threat hunting activities during investigations and building a common understanding of threat activities

**Qualification & Experience**:
Direct experience performing threat hunting in an active corporate environment

2+ years of experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence

Security certification or working towards certification (e.g., SANS, SEC+, CompTIA, Security+, OSCP, or CEH), equivalent experience will be considered

Direct experience working with large datasets, log review and bulk analysis tools

Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways

Familiarity with offensive security strategies and assessment methodologies

Knowledge of threat actors, including malware families, intrusion techniques, and associated criminal entities

Experience explaining threat hunt objectives and ability to communicate associated risks

Ability to understand requirements and needs from across the organization in order to build consensus and drive results

Ability to navigate and work effectively across a complex, geographically dispersed organization

Able to perform proactive threat hunting using multiple toolsets, suggesting, and testing hypotheses, pivoting and reporting on investigation results

Ability to work on-side

**Beneficial**:
Experience with more than one more enterprise scale EDR and SIEM tool

Experience using Internet and network scanning tools for malicious host discovery

Basic understanding of building threat hunting queries using KQL, SIGMA, or Yara

Previous experience using a Threat Intelligence platform or CTI vendor

Demonstrated ability to self-direct, with mínimal supervision to achieve assigned goals

Knowledge of basic Data Science concepts and processes

Experience with offensive security tools and technical and the methods used to compromise large networks

Previous experience performing digital forensics or incident response on major security incidents

**Salary**: Market Related

**Working Hours**: Monday to Friday - 08:00am to 17:00pm