#1 Job Board for tech industry in Europe

  • Job offers
  • Salary calculator
  • Top Companies
  • Geek
    • Senior Threat Hunter/Analyst
    Security

    Senior Threat Hunter/Analyst

    ExpressVPN

    Poznań
    Type of work
    Undetermined
    Experience
    Mid
    Employment Type
    Permanent
    Operating mode
    Office

    Tech stack

      Threat hunting

      advanced

      Incident Response

      regular

      Splunk

      regular

      MITRE ATT&CK

      regular

    Job description

    About Our Company

    For more than 10 years, we've been paving the way to a more private and secure digital world. We're an international SaaS company and a leader in the cybersecurity industry. Millions of consumers worldwide use our internet privacy and security products every day.

    Our team of over 800 employees works from all around the globe. We have team members in major cities like London, Hong Kong, Singapore, Paris, Toronto, Perth, and more. And we’re just getting started.

    We’re profitable and growing. We're hiring talent across all functions: software development and engineering, product, data analytics, marketing, content, and people. Join us today and be part of our mission.

    Responsibilities

    As an individual contributor in our Security Operations Center, you’ll have a broad list of responsibilities including (the mix will depend on your interests and skill-level)

    • Threat Hunting, to proactively detect, isolate, and neutralize threats:
      • Research traffic on our networks, create baselines for expected norms, and identify and investigate outliers.  Provide your analysis and document your research. 
      • With your understanding of normal operations and your baseline for logging and events, hunt for anomalous events and pull the thread to determine if our systems were compromised or a compromise was attempted.
      • Manage research related to threat hunting adversaries in our environments
      • Participate in investigations related to threat hunting adversaries in our environments

    • Monitoring:
      • Monitor and analyze the output from many log sources including cloud services, on-premise network equipment, productions platforms, and employee provided devices, and recommend security actions per procedures where required
      • Perform Real-Time monitoring and triaging of security alerts

    • Incident Response:
      • Act as the first point of contact (POC) for security incidents and anomalies
      • Coordinate with other security and operations teams during incidents or investigations
      • Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority accordingly
      • React and respond to all real or perceived security and cyber-related incidents, threat,s and attacks within agreed times
      • Determine and classify the severity of alerts and assess potential impacts as classification defined in the knowledge base
    • Stay on the bleeding edge by conducting research, consulting with colleagues, and attending training to maintain awareness of trends in new security threats, technologies, and regulations
    • Assist in IT security investigations, red team exercises, and penetration tests as needed
    • Understand and operate an effective Security Orchestration, Automation and Response (SOAR) platform
    • Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
    • Provide ideas and feedback to improve the overall SOC capabilities and maturity
    • Find and analyze various threat intelligence feeds
    • The position is on-call through an on-call schedule and PagerDuty.  

    Required Skills

    Advanced understanding of: 

    • Concepts such as MITRE ATT&CK and the Cyber Kill Chain
    • Monitoring non-traditional IT services such as SaaS and cloud services
    • Advanced knowledge of:
      • SIEM solutions such as Sumo Logic, Splunk, or Elastic SIEM
      • Endpoint Detection and Response (EDR) solutions such as Carbon Black or Endgame
      • Advanced analysis and triaging of security logs from Windows, Linux, ChromeOS, and macOS
      • Malware analysis and investigation
      • Implants, shells, Command and Control (C2) infrastructures
      • TCP/IP Networking, packet capturing, and analysis
      • Network equipment such as Cisco, Palo Alto, and Juniper

    What we offer:

    • Challenging work in a fun and collaborative environment
    • Attractive compensation and time-off benefits
    • Full-time employment with flexible working hours
    • Multicultural teams represented by 30+ nationalities
    • Reports initially to the Cybersecurity Manager and then to the Lead Threat Hunter/Analyst

     Note: Please do not include any salary or compensation information on your resume  

    Check similar offers