CyberCX

Cyber Threat Investigator (relocation to Australia)

CyberCX United States

Blake Willoughby-Thomas

Senior Talent Business Partner | Navy Veteran | Volunteer Fire Fighter

About the company


CyberCX is joining forces with one of the most exciting cyber security companies from the United States to deliver projects for the Australian market.


You will be trained to deliver a patented, groundbreaking new approach to cybersecurity that identifies, stops, and prevents threats others miss. This innovative technology outperforms the components of every other network security solution and is solving the biggest challenges for customers today with better security, virtual vulnerability mitigation, reduced alert fatigue and fewer false positives.


About the role


Are you tired of looking at an endless queue of Splunk alerts? As a detection engineer, you will have the power to stop and modify threats instead of watching them pass by. With the power to change digital reality at your fingertips, you will deconstruct modern-day adversarial threats and thwart them. You will work with detection engineers and alongside skilled threat intelligence, triage, and discovery teams to take real action.


Due to the nature of the work, applicants must be citizens of the United States. Australian government security clearances are desirable, but not required.


Relocation to Canberra, Australia is mandatory for this position. Remote working arrangements cannot be considered. We will assist with relocation to Australia and support the visa application process.


Duties

  • Responsible for the development and design of signals which can automatically highlight active threats.
  • Analyze malware, attacks, and threat intel for patterns and develop automated solutions for analysis, classification, and categorization of data for further automation.
  • Conduct threat-hunting operations in complicated SaaS environments and drive product innovation in threat detection.
  • Work with global cyber intelligence collectors to identify, contextualize, and instrument current and emerging cyber threats.
  • Identify gaps in controls, processes and systems, and recommend solutions.
  • Actively participate in the cyber security community, establishing relationships and sharing knowledge.
  • Contribute to the detection and alerting pipeline so that our Threat Hunting team can quickly identify and remediate potential security threats.
  • Develop security-focused tools and services in support of intelligence, detection, and response.
  • Develop regular expressions to detect threats.
  • Create YARA rules to hunt for malware.


Skills & experience

  • Knowledge of operating systems and network protocols.
  • Experience writing regular expressions.
  • An advanced understanding of network detection technologies (IPS/IDS/NGFW).
  • Strong understanding of the tactics, techniques and procedures (TTPs) of threat actors.
  • Experience in incident analysis and response using industry-standard frameworks such as MITRE ATT&CK and the cyber kill chain.
  • Experience with security information and event management (SIEM) tools such as Splunk and Elasticsearch.
  • Experience with malware analysis, both dynamic and static.
  • Must be able to validate findings, perform root cause analysis, and deliver recommendations for fixes.
  • Strong scripting and automation skills are a must (Python preferred).
  • Strong understanding of web protocols and web application security.
  • Experience writing IDS/IPS and YARA signatures.


Preferred:

  • TTP-based threat hunting.
  • In-depth log analysis and malware tracking and monitoring.
  • Data mining experience with large security data sets such as IDS, IPS and firewall logs.
  • Strong development background with experience in Python and familiarity with SQL.


Benefits

  • Flexible hybrid working environment (a blend of office and WFH).
  • Corporate discounts at a huge variety of retail stores through our partners.
  • Ability to deepen your experience and skills in line with CyberCX's specialisation as Australia's leading cyber security provider.
  • Opportunities to engage directly with and support senior leadership on significant work and contribute to thought leadership.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting; Computer and Network Security