
Threat Researcher
3 days ago
Threat Researcher

About the Team:
Arctic Wolf Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started only 3 years ago in BlackBerry-Cylance. Since then we have developed many internal tools to streamline our daily tasks, defined work standards and how to create content (detection/telemetry rules) and high-fidelity content (fine-tuning processes, reducing false positives), created quality assurance processes (unit, regression and end-to-end testing) and communication channels with other areas of Threat Intel and S2, without neglecting our main mission, which is to end cyber risk.

We work together with the MDR, TRI, AR and CTI teams to stay ahead with the latest findings, and we are always on the lookout for new attacks, 0-days and TTP updates, keeping our clients protected.

We actively participate in the purple teaming exercise performed by the AR Team, which emulates the most relevant threat actors. In our trajectory we have 2 MITRE accreditations, Enterprise Turla and Managed Services MenuPass + BlackCat. In both we participated as EDR Blue Teamers.
About the Role and Responsibilities:
- Analyse, research, and develop new content for Aurora Focus, applying the MITRE ATT&CK framework.
- Convert investigations performed by our threat teams (TRI/AR/CTI) into new content (detection/telemetry rules).
- Customer escalation (BFD): collaborate with S2 teams on investigations regarding emerging threats, to generate new detection rules.
- Fine tuning: determining true threats or false positives, and providing solutions such as exclusions, logic changes or decreasing severity.
- Python scripting to automate new internal tools or projects.
- Ability to effectively manage multiple tasks simultaneously, coordinating and ensuring scheduled goals are met.
- Maintain documentation up to date about any new tool or process we add.
- Run regression and end-to-end testing.
- Push production releases and notification emails.
- Participate in purple teaming exercises.
- Generate metrics over Databricks dashboards.
- Deliver regular threat briefing presentations to internal and external stakeholders on topics ranging from threat actor campaign activity and novel TTPs to emerging malware or exploits.
- Utilize best practices for threat research and documentation, and deliver high-quality detection rules.

About You
- Relevant experience in a professional setting in threat intelligence or threat research roles.
- Experience applying the MITRE ATT&CK framework to intelligence products, with the associated depth of analysis for each TTP and threat actor represented in this body of knowledge.
- Experience analysing application and infrastructure telemetry (application logs, network flow logs, audit logs, metrics, core dumps, etc.).
- Experience analysing and deriving intelligence from phishing and malware campaigns, vulnerabilities being exploited in the wild, supply chain attacks, and data breaches.
- Understanding of threat protection/detection tooling and stacks: SIEM, XDR/EDR.
- Experience working with Python scripts.
- Understand JSON format and regex usage.
- Linux and macOS terminal usage.
- Basic .sh/.bat scripting knowledge.
- Windows Sysinternals.
- Experience using Git repositories (GitHub, Git Bash, GitLab).
- Experience using virtual machines (VMware Workstation).
- SQL knowledge; Databricks is a plus.
- LOLBins/LOLBAS knowledge.
- Sigma rules knowledge.
- Excellent written and verbal communication skills.
- Resourceful self-starter with a positive, can-do attitude.

Nice to Have:
- Experience with Agile methodology.
- Experience using Elasticsearch, Kibana or Grafana.
- You have delivered presentations on cybersecurity or cyber threat intelligence at industry conferences or meetups.
- You have participated in sharing of threat intelligence through ISACs, trust groups, intelligence partnerships, or other open communities.
- CISSP, OSCP, GCTI or other relevant certifications are a plus.

Interview Process
The interview process is approximately as follows:
- Phone pre-screening: a recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.
- Technical assessment: a recruiter sends you a threat intelligence assessment to complete that will allow you to demonstrate your strategic thinking, analytical skills, and your technical understanding of various threat actor TTPs, malware, vulnerabilities, and/or exploits.
- Face-to-face interviews: several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to discuss your technical assessment, collaborate on a technical problem, and talk more about past projects and your career goals. Approximately 1 hour per interview.
Security Requirements
- Conducts duties and responsibilities in accordance with AW's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AW business information assets.
- Must pass a criminal background check and an employment verification as a condition of employment.
-
Threat Researcher
3 days ago
Cork, Cork, Ireland | Arctic Wolf | Full time
About The Team
Arctic Wolf Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started only 3 years ago in BlackBerry-Cylance. Since then we have developed many internal tools to streamline our daily tasks, defined work standards and how to...
-
Sr. Threat Research Engineer
5 days ago
Cork, Cork, Ireland | Proofpoint | Full time
Overview
Join to apply for the Sr. Threat Research Engineer role at Proofpoint. We are the leader in human-centric cybersecurity. Proofpoint helps organizations protect their data and people from targeted threats across email, cloud, social media, and the web.
Role
You are a Senior CyberSecurity Analyst (email borne threats) or have a strong desire and a skill set to...
-
Sr. Threat Research Engineer
1 week ago
Cork, Cork, Ireland | Proofpoint | Full time
About Us:
We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We're driven by a mission to stay ahead of bad actors and safeguard the digital world. Join us in our pursuit to defend data and protect people.
How We Work:
At Proofpoint, you'll be part of a...
-
Cyber Threat Analyst
2 days ago
Cork, Cork, Ireland | beBeeCyberThreatAnalyst | Full time | €60,000 - €85,000
About Cyber Threat Analyst Role
We are seeking a skilled and motivated Cyber Threat Analyst to join our team. As a Cyber Threat Analyst, you will be responsible for analyzing and researching new content for our security product, applying the MITRE ATT&CK framework. Your primary duties will include: Analyzing application and infrastructure telemetry to identify...
-
Threat Research Engineer
7 days ago
Cork, Cork, Ireland | beBeeCyberSecurity | Full time | €80,000 - €120,000
Job Description
We are seeking an experienced professional to join our team as a Cyber Security Specialist focused on email borne threats. You will be part of a dynamic global team dedicated to protecting organizations from targeted threats across email, cloud, social media, and the web.
-
Principal Security Analyst
4 weeks ago
Cork, Cork, Ireland | OpenText | Full time
Join to apply for the Principal Security Analyst role at OpenText. OpenText is a global leader in information management, emphasizing innovation, creativity, and collaboration. As part of our team, you'll partner with top companies, tackle complex issues, and contribute to shaping the future of digital transformation. AI-First. Future-Driven. Human-Centered. AI is...
-
Cloud Infrastructure Developer
5 days ago
Cork, Cork, Ireland | beBeeMachineLearning | Full time | €102,000 - €137,750
Technical Leadership Opportunity
We are seeking a Senior Backend Engineer to drive the implementation of cloud infrastructure and services enabling the research, training, and productionization of advanced ML models powering our email threat detection and data loss prevention products.
-
Cybersecurity Protection Expert
2 weeks ago
Cork, Cork, Ireland | beBeeSecurity | Full time | €90,000 - €120,000
Security Specialist Job Description
We are seeking a skilled Security Specialist to join our team. The ideal candidate will have experience in security development and a strong understanding of threat protection and detection. A Bachelor's degree in Computer Science or a related field is required, as well as 2+ years of professional experience in security...