Threat Hunting Analyst

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €29.8 Billion international wholesaler with operations in 31 countries through 661 stores & a team of 93,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website: https://www.metro-gsc.in
Company Size: 600-650
Headquarters: Pune, Maharashtra, India
Type: Privately Held
Inception:  2011

Responsibilities:

• Perform intelligence led proactive threat hunts across the organization, utilising a range of tooling available, and focusing hunts on relevant behavioural tactics, techniques, and procedures (TTPs) identified as potential threats to the organization.
• Contribute to detection engineering initiatives by identifying opportunities for, and implementation of new detections as an output of threat hunts completed.
• Support other functions within security operations by responding to hunt requests and by applying expertise in advanced actors and TTPs for ongoing incidents, working closely with our incident responders.
• Research new attack behaviours and TTPs used by threat actors, leading to new hunting and detection opportunities.
• Assist in the development and maturity of the threat hunting process and team through development of cutting edge hunting techniques and introduction of automation into the threat hunting process.
• Develop threat hunting hypothesis in collaboration with the threat intelligence team, helping to track relevant threat actors, campaigns and emerging threats and the TTPs they use.
• Help in defining the metrics, measurements and analytical tools to quantify surface area of risk, business impact and implement mechanisms to track progress on efforts to reduce those risks.
• Represent threat hunting to the wider information security team, and to the wider business, including senior stakeholders, through reporting, presentations and knowledge sharing sessions.
• Adapts quickly to changing priorities, seeks new ideas, and re-align with team’s priority/roadmap to maximize business productivity.

Technical & Soft Skills:

• Good understanding of cyber threats, attack vectors, and common exploitation techniques.
• Proficiency in using threat intelligence platforms, open-source tools, and SOC technologies such as Google Chronicle SIEM, CrowdStrike EDR/EPP, Vectra NDR, Qualys VM, Recorded Future TI, etc.
• Proficiency in multiple query languages such as YARA, CrowdStrike QL or SPS with an ability to manipulate and analyse large data sets.
• Expertise in formulating threat hunting hypotheses and working with available data sets to determine conclusions.
• Solid understanding of current TTPs used by threat actors and an ability to replicate behaviours in a lab environment to generate telemetry.
• Direct experience working with the Mitre ATT&CK Framework or similar, with an ability to utilise the framework to identify detection gaps for threat hunting.
• Strong competence being able to quickly respond to emerging threats, showcasing an ability to develop and perform hunts, while working under strict deadlines.
• Strong understanding of Windows, Linux, and network protocols.
• Strong knowledge of industry frameworks and standards, such as STIX/TAXII, MITRE ATT&CK, and threat intelligence sharing platforms.
• Excellent written and verbal communication skills, including the ability to present complex technical information to both technical and non-technical audiences.
• Strong analytical and critical thinking skills, with the ability to analyze complex data sets and identify actionable insights.
• Proven experience in collaborating with cross-functional teams and providing guidance on threat intelligence-related matters.

Qualifications

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or in a related field. A master’s degree or Relevant Cyber Security certifications (e.g. CTIA, CREST PTIA, MITRE’s MAD, CySA+) are a plus.
• 4-7 years of total experience in SOC in a large multi-national organization or in a known MSSP. In addition to SOC Engineering experience, candidate should possess at least 2+ year of experience on Threat Hunting capabilities.