Join CyberProof Today
DFIR & Threat Hunter
Israel, Global SOC Operations
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
CyberProof is seeking a DFIR & Threat Hunter who will be part of our growing SOC group.
Areas of Responsibility
The CyberProof expert will carry out following activities –
On daily basis:
- Perform Threat Hunting exercises to identify behaviors and advanced threat actor activities within the customers’ network, leveraging existing technologies such as EDR and SIEM platforms.
- Build actionable hypothesis to uncover breach evidence aligned with the MITRE framework and other priorities.
- Research new emerging threats, vulnerabilities and Threat Intelligence insights regarding the changing threat landscape, and develop hunting procedures, leveraging the latest indicators of attack (IOA) and latest threat trends.
- Manage customer’s threat hunting program and help them to make their security posture more mature: engage with the key people from customer side, identify security issues in their environment, schedule and execute hunting activities and create timely reports (measured by content and deadlines).
During crisis of escalated major incidents:
- Act as an Incident Manager to engage several teams within CyberProof to handle a complete end to end incident investigation.
- Respond quickly (24/7) and assist with containment and eradication steps in infected environments to help remediate the threat.
- Analyze the incident and track the attacker’s activity second-by-second on the infected system to get in-depth timeline analysis.
- Create detailed technical DFIR reports on escalated major incidents
This CyberProof expert should have the following required skills:
- Proven experience of 3-5 years as a Cyber Threat Hunter or an Incident Responder, in investigating security incidents according to the IR methodology
- Deep knowledge of comprehensive forensic investigation of network, endpoint, memory, and cloud logs
- Deep knowledge and understanding of attacks and compromise footprints
- Knowledge of operating systems essentials, including Linux/Unix and Windows
- Knowledge in baseline network communications and user behavior
- Previous experience with SIEM and EDR platforms as part of a SOC group
- Knowledge of current threats, vulnerabilities, and attack trends
- Innovative thinking and problem-solving skills
- Good time management skills; and written and oral communications skills in English
- Experience in working with customers, especially large or enterprise companies
Nice-to-have skills or certificates:
- Knowledge in SOAR automations and\or Python scripting language
- Experience with Jupyter notebooks
- Static or dynamic malware analysis skills, using Disassemblers, Debuggers and Decompilers
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Certified Computer Forensics Examiner (CCFE)
I love the fact that I learn new things at work every single day. But it’s more than that. With each new cyber threat we encounter, I have this feeling that we’re going ‘head-to-head’ against the hackers – that we are going to find a way to solve the problem, to beat those hackers.
– Asaf Haski, Senior Cyber Threat Intelligence Analyst