Cyber Threat Hunt Analyst

Surgo (PTY) Ltd. has partnered with a global analytics and digital solutions company serving industries including insurance, healthcare, banking and financial services, media, retail, and others. They aim to bridge the gap between digital expectations and real outcomes for international companies with Digital Intelligence.

Our client is recruiting for a
**Cyber Threat Hunt Analyst** to join their team based in Cape Town.

**Job purpose**:
The role will support and advise on product assessments, policy adjustments, and architectural transformation that will impact regional and global locations. The position requires someone with technical expertise and will provide influence on the design of detective, preventive, and proactive controls.

**Responsibilities**:

- Identify and track threat actor groups and their TTPs while maintaining current knowledge of tools and best practices of APT groups
- Perform cyber threat hunting activity using threat intelligence, analysis of anomalous log data, and related tools
- Collect, enrich, and disseminate IOCs - Indicators of Compromise
- Use the MITRE ATT&CK framework to analyze malicious campaigns and evaluate the effectiveness of security technologies and controls
- Determine true threats, false positives, and network system misconfigurations and provide recommendations and solutions to issues detected
- Monitor the organization’s attack surface against the current threat landscape
- Support the Cyber Threat Intelligence team to provide threat informed defenses that will improve prioritization of preventative controls and mitigations to improve defense posture
- Engage and collaborate with Red Team to analyze and evaluate the effectiveness of existing security controls
- Support Cyber Threat DFIR for internal incidents by performing cyber threat hunting activities during investigations and building a common understanding of threat activities

**Qualification & Experience**:

- Direct experience performing threat hunting in an active corporate environment
- 2+ years of experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence
- Security certification or working towards certification (e.g., SANS, SEC+, CompTIA, Security+, OSCP, or CEH), equivalent experience will be considered
- Direct experience working with large datasets, log review and bulk analysis tools
- Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
- Familiarity with offensive security strategies and assessment methodologies
- Knowledge of threat actors, including malware families, intrusion techniques, and associated criminal entities
- Experience explaining threat hunt objectives and ability to communicate associated risks
- Ability to understand requirements and needs from across the organization in order to build consensus and drive results
- Ability to navigate and work effectively across a complex, geographically dispersed organization
- Able to perform proactive threat hunting using multiple toolsets, suggesting, and testing hypotheses, pivoting and reporting on investigation results
- Ability to work on-side

**Beneficial**:

- Experience with more than one more enterprise scale EDR and SIEM tool
- Experience using Internet and network scanning tools for malicious host discovery
- Basic understanding of building threat hunting queries using KQL, SIGMA, or Yara
- Previous experience using a Threat Intelligence platform or CTI vendor
- Demonstrated ability to self-direct, with mínimal supervision to achieve assigned goals
- Knowledge of basic Data Science concepts and processes
- Experience with offensive security tools and technical and the methods used to compromise large networks
- Previous experience performing digital forensics or incident response on major security incidents

**Salary**: Market Related

**Working Hours**: Monday to Friday - 08:00am to 17:00pm