Search

Use your LinkedIn profile to find the right job match for you.

Job Match
Skip to main content

Threat Hunter – Secureworks – Atlanta, GA

Atlanta, Georgia

Apply now
Job ID R84795 Date posted Jan. 02, 2019

About Secureworks:

Secureworks (SCWX-NASDAQ) is a global leader in intelligence-driven information security solutions. We help organizations confidently pursue business goals in a digitally-connected world.  Consistently recognized by industry analysts and readers’ polls, we are one of the best in the world at understanding and anticipating threat behavior. We see 250 billion events every day across 4400 clients in more than 55 countries, and our solutions work across all the layers of a client’s security environment, including 330 different vendor technologies. Join a talented, dedicated, and diverse team of researchers, analysts, engineers, consultants and business professionals who are focused 100% on protecting our clients from cyber threats. We seek out the brightest minds and empower our teams with the tools and support they need to fight the bad guys and maintain our company’s leadership in the cyber security industry.

Uniquely positioned to adapt as the industry evolves, we are also proud to be part of the Dell Technologies family. We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Role Overview

Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis. Protecting our clients from threat actors attempting to compromise their environments.

Working as a Threat Hunter in an operations center environment with other security and networking professionals, you will extend your currently existing network and endpoint forensic analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.

Role Responsibilities

  • Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
  • Provide customers with understandable context around their security environment and threats
  • Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
  • Work with client and internal SecureWorks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
  • Provide mentorship to SecureWorks team members and clients on security strategy, tactics, techniques, and procedures
  • Develop hunting techniques using the Secureworks platform, iteratively build on existing techniques
  • Use the Secureworks platform to proactivity hunt for and investigate activity within the client environment
  • Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise

Requirements

Knowledge, Skills and Abilities

  • Significant experience with and expert understanding of:
    • Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
    • Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
    • Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
  • Experience with and strong understanding of:
    • Threat hunting methodologies
    • Performing both endpoint and network-based investigations
    • Reviewing logs to identify evidence of past intrusions
    • Pivot off indicators within networks to identify the scope and breadth of attacks
    • Malware and exploit kit functionality
    • Operating system and application exploits
    • Lateral movement, living-off-the-land, and persistence establishment mechanisms
    • Detection of anomalous system activity
    • Incident response and incident handling processes
    • Strong technical communication skills, both written and verbal
    • Attention to detail and great organizational and time management skills
    • Excellent problem solving skills that would allow for the ability to diagnose and troubleshoot technical issues
    • Client-focused with a passion for delivering service excellence
    • Courage and willingness to challenge conventional wisdom
    • Ability to research and characterize security threats including creating appropriate countermeasures
    • Ability to write scripts to automate new and existing tasks

Education/Experience

  • 6-8 years of relevant experience or equivalent combination of education and work experience:
    • Completion of a Master’s degree or equivalent program in Computer Science, Network Security, Information Security, or other applicable field and 2-4 years of work experience/research in the field
    • Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 4-6 years of work experience in the field

Preferred

  • Preferred Certifications: GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE, eLearn THP or similar certification preferred

Desired Skills

  • Experience in one or more of the following:
    • Penetration testing
    • Vulnerability discovery and assessment
    • Incident Handling
    • Digital forensics
  • Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external stakeholders at all levels, to include defining appropriate policies, practices, and countermeasures
  • Network-based security tools (e.g. tcpdump, wireshark, etc.)
  • Malware analysis sandboxes and tools (e.g. Cuckoo, etc.)
  • Experience with one or more of the following platforms:
    • Carbon Black, CrowdStrike, Redline, Lastline, RSA ECAT, etc.
  • Regular expressions
  • Database structures and queries

Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.  Learn more about Diversity and Inclusion at Secureworks here

Employees at work Explore This Location

Interested InSelect locations and/or categories of interest below and click the plus symbol.

  • Secureworks, Atlanta, Georgia, United StatesRemove
  • Graduates, Atlanta, Georgia, United StatesRemove

Related Stories