Threat Researcher

4 weeks ago


Cork, Cork, Ireland Arctic Wolf Full time
About The Team

The Arctic Wolf Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started only 3 years ago in BlackBerry-Cylance. Since then we have developed many internal tools to streamline our daily tasks, defined work standards for how to create content (detection/telemetry rules) and high-fidelity content (fine-tuning processes, reducing false positives), created quality assurance processes (unit, regression and E2E testing), and established communication channels with other areas of Threat Intel and S2, without neglecting our main mission, which is to end cyber risk. We work together with the MDR, TRI, AR and CTI teams to stay ahead with the latest findings, and we are always on the lookout for new attacks, 0-days and TTP updates, keeping our clients protected. We actively participate in the purple teaming exercises performed by the AR Team, which emulate the most relevant threat actors. In our trajectory we have 2 MITRE accreditations: Enterprise 2023 - Turla and Managed Services 2024 - MenuPass + BlackCat. In both we participated as EDR Blue Teamers.

About The Role And Responsibilities
  • Analyse, research, and develop new content for Aurora Focus, applying the MITRE ATT&CK framework.
  • Convert investigations performed by our Threat Teams (TRI/AR/CTI) into new content (detection/telemetry rules).
  • Customer escalation (BFD): collaborate with S2 teams on investigations regarding emerging threats to generate new detection rules.
  • Fine tuning: determining true threats or false positives, and providing solutions such as exclusions, logic changes or decreased severity.
  • Python scripting to automate new internal tools or projects.
  • Ability to effectively manage multiple tasks simultaneously, coordinating and ensuring scheduled goals are met.
  • Keep documentation up to date for any new tool or process we add.
  • Run regression and end-to-end testing.
  • Push production releases and send notification emails.
  • Participate in purple teaming exercises.
  • Generate metrics on the Databricks dashboard.
  • Deliver regular threat briefing presentations to internal and external stakeholders on topics ranging from threat actor campaign activity and novel TTPs to emerging malware or exploits.
  • Utilize best practices for threat research and documentation and deliver high-quality detection rules.
About You
  • Relevant experience in a professional setting in threat intelligence or threat research roles
  • Experience applying the MITRE ATT&CK framework to intelligence products, with the associated depth of analysis for each TTP and threat actor represented in this body of knowledge
  • Experience analysing application and infrastructure telemetry (application logs, network flow logs, audit logs, metrics, core dumps, etc.)
  • Experience analysing and deriving intelligence from phishing and malware campaigns, vulnerabilities being exploited in the wild, supply chain attacks, and data breaches
  • Understanding of threat protection/detection tooling and stacks: SIEM, XDR/EDR
  • Experience working with Python scripts
  • Understanding of the JSON format and regex usage
  • Linux and macOS terminal usage
  • Basic .sh/.bat scripting knowledge
  • Windows Sysinternals
  • Experience using Git repositories (GitHub, Git Bash, GitLab)
  • Experience using virtual machines (VMware Workstation)
  • SQL knowledge; Databricks is a plus
  • LOLBins/LOLBAS knowledge
  • Sigma rules knowledge
  • Excellent written and verbal communication skills
  • Resourceful self-starter with a positive, can-do attitude
Nice To Have
  • Experience with Agile Methodology
  • Experience using Elasticsearch, Kibana or Grafana
  • You have delivered presentations on cybersecurity or cyber threat intelligence at industry conferences or meetups
  • You have participated in sharing of threat intelligence through ISACs, Trust Groups, intelligence partnerships, or via other open communities
  • CISSP, OSCP, GCTI or other relevant certifications are a plus
Interview Process
  • Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes
  • Technical assessment: A threat intelligence assessment to complete that will allow you to demonstrate your strategic thinking, analytical skills, and your technical understanding of various threat actor TTPs, malware, vulnerabilities, and/or exploits
  • Face-to-face interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to discuss your technical assessment, collaborate on a technical problem, and talk more about past projects and your career goals. Approximately 1 hour per interview.
Security Requirements
  • Conducts duties and responsibilities in accordance with AW's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AW business information assets.
  • Must pass a criminal background check and an employment verification as a condition of employment.
