Skills required:
• Experience with security devices such as SIEM, IDS/IPS, HIDS/HIPS, anomaly detection, firewalls, antivirus systems and Endpoint Detection & Response tools, and with their log output
• Experience in analyzing large data sets
• Experience in using data mining, analytic and visualization tools, such as data lakes (Elastic, HDFS), Linux tools (e.g. grep, cut, sort) and regex
• Experience with industry taxonomies such as the Cyber Kill Chain, MITRE ATT&CK, MITRE CAPEC, MITRE CAR, NIST, CIF, SANS and STIX 2.0
• Ability to translate security impacts to the wider business
• Ability to understand the end-to-end threat landscape across all sectors
• Skills to analyze attack vectors against a particular system in order to determine its attack surface
• Ability to produce contextual attack models applied to a scenario
• Ability to describe intrusion sets using the cyber kill chain and Tactics, Techniques and Procedures
• Ability to coordinate with other security focal points during an active incident
• Knowledge of security controls, how they can be monitored, and how they can be thwarted
• Knowledge of vulnerability detection and response from a threat hunting point of view
• Network forensics: network traffic protocols, traffic analysis (e.g. network flows and PCAP), intrusion detection