Threat Hunter and Incident response Expert
About The Position
Snowbit is a cybersecurity technology innovator with a vision to empower organizations across the globe to quickly, efficiently, and cost-effectively ready themselves to address omnipresent cyber risk. Towards this end, Snowbit, built off years of Israeli cybersecurity experience, offers the broadest managed detection and response offering available today.
Snowbit is part of the Coralogix group. Coralogix is rebuilding the path to log observability by offloading the burden of indexing and providing deep insights into accumulated data, at an infinite scale, for less than half the cost.
We are looking for an accomplished, passionate, and self-driven Threat hunter / Incident responder with a zeal for revolutionizing the enterprise cybersecurity domain to come and join the Snowbit Security Research Group.
This is a team of experts with vast cybersecurity experience focused on research on cloud and enterprise systems to identify emerging threat trends/vectors as well as gaps and opportunities within existing enterprise cybersecurity frameworks.
What Will you do?
· Threat hunt inside our customer logs and environments to discover existing malware or threat actors that compromised their network.
· Treat incident response cases from start to finish, including identifying the threats, machine/network/cloud forensics, creating timelines, and consulting customers on IR and mitigation steps.
· Producing reports for customers on your threat hunting / Incident response cases.
· Research emerging attacks, technologies, threats, and vulnerabilities in SaaS and enterprise products and create actionable alerting scenarios to catch them through Coralogix/Snowbit system.
· Investigate logs from security systems to detect intrusions or misconfigurations and create detections based on your findings.
· Write detection rules documentation with actionable recommendations for mitigations.
· Publish your findings internally for customers and externally for blog/marketing needs.
· Work with our customers to investigate anomalies and incidents and create custom detections and next step recommendations.
Responsibilities will include:
· On-demand threat-hunting activities on multiple cloud environments and SaaS applications of our customers.
·On-demand Incident response treatment for serious incidents raised by our Security resource center or customers.
· Research new attack vectors, including identification, with respect to novel attack vectors including their iteration/evolution and related mitigations across the enterprise IT landscape.
· Collaborate with Product and Engineering to leverage research findings to evolve Snowbit product and knowledge base.
· Be a knowledge source for new and emerging threats, incident response processes, and threat-hunting activities including mentoring the team on your findings and methods.
· Evaluate & recommend new security technologies and help shape the product with your insights and expertise.
· Regular updates to internal teams and customers on research findings.
· Active participation in public cybersecurity media/forums/events.
· 5+ years of experience in hands-on threat hunting and incident response in large, complex, security organizations and a proven track record in cybersecurity research, specializing in either APTs or cybercrime.
· Hands-on experience in threat hunting and incident response on cloud environments (AWS, Azure, GCP) and SaaS products (Okta, Google workspaces, Github etc).
· Experience in securing on-prem, cloud and SaaS environments and how organizations protect themselves from attacks (including hands-on experience with common tools and products - FW, IDS/IPS, WAF, EDRs, SIEM etc). familiarity with common cloud and SaaS attack vectors and misconfigurations.
· Hands-on experience with machine forensics including analyzing disk, memory, and network artifacts on Windows and Linux machines.
· Hands-on experience with malware analysis / DFIR in a custom-built sandbox environment (Dynamic & Static, including tools like – IDA Pro, Ollydbg, Wireshark),
Reverse engineering experience - a plus.
· Solid understanding of the cyber security kill chain (MITRE ATT&CK/D3FEND), identifying security vulnerabilities, typical attacker exploit techniques, and related mitigations and remediations.
· Experience in working closely with customers from the alert phase, through treat hunting, raising, and treating an incident (including machine forensics as needed) including the removal of the threat and producing a concluding report for the customer.
· Great communication skills - Fluent in english, spoken and written with a positive and helpful attitude.
· Hands-on experience with query languages (Kibana/KQL/Lucene, Splunk), working with JSON files and writing complex queries and rules.
· Development of threat hunting automation (threat hunting scripts, IOC gathering scripts) - a big plus.
· An innovative mind with keen attention to detail and the ability to set his own goals and parameters for success, investigate and implement solutions and recommendations for the customer benefit.