Threat Hunting and Intelligence Analyst

Job Description

We protect Bloomberg.The Cyber Security Operations Center (CSOC) works to understand the cyber threats we face as an organization, develops instrumentation for detection and monitors events 24x7 looking for suspicious activity. If an incident is confirmed, our goal is to respondeffectively to reach the best outcome in a timely manner ensuring appropriate stakeholders are involved as required. We report into the CISO, but work closely with Engineering, Legal, Compliance and many others across the organization to help unify securityevent management and incident response. Our colleagues depend on us to be incident response pros that have a deep understanding of IT networks and systems. On any given day we analyze cyber security events, hunt for suspicious activity, research and disseminatethreat intelligence, create / improve detection rules and create / automate response procedures. Whats the Role:As a Threat Hunting and Intelligence analyst within the CSOC, youll be responsible for monitoring and analysis of security events occurring on our networks and systems. This includes the analysis of events tracked in our SIEM as well as the analysis of rawsecurity events and data emitted from various host and network sensors in our environment. You will also be expected to analyze, hunt for and report on malicious activities based on threat intelligence indicators and reports.Additional duties included thetimely testing and validation of new alerting and detection rules, documenting analytical procedures, and training our operational staff on these new alerts. Youll need to have:

• A passion for exploring and analyzing data on a large scale.
• Strong understanding of fundamental networking concepts (i.e. TCP/IP)
• A solid understanding of Windows, Linux, and Mac operating systems.
• Previous experience with computer security monitor and analysis.
• Previous experience with deep file, host, or network level analysis.
• Previous experience malicious email analysis.
• Previous experience with enterprise search technologies such as Splunk and Elastic Stack (ELK).
• Previous experience with the python programming language.

Wed Love To See:

• Deep knowledge of Enterprise network and host security controls and detection techniques.
• A background in attacker tools and techniques leveraged against enterprise environments.
• Experience performing malware analysis and/or protocol analysis.
• Prior experience performing threat hunting operations.
• A basic understand of threat intelligence fundamentals including the major threat actors and their tactics, techniques, and procedures.
• Previous experience hunting for threat actors whether leveraging indicators of compromise or techniques.
• Experience with Endpoint Detection and Response (EDR) tools e.g. osquery, sysmon, Carbon Black, Falcon, etc.
• Experience with Network IDS, protocols, filtering and packet capture devices e.g. Snort/Suricata, NetWitness, Bro, etc.
• Familiarity with development processes and environment tools such as Git, Jira, Jupyter notebooks.Whats It Like To Work Here We work hard. We are ambitious and set ourselves tough business goals. We are a meritocracy, where everyone has a voice - not a job title. Working with people you trust, respect, and can collaborate with is more important than titles or position. Things movefast, and we want people who will enjoy working in this environment and feed off the energy. That being said, it isnt all about work. Giving back is one of our core values, and there are many ways to get involved in philanthropic initiatives, from helpinglocal school kids with their reading, to helping clean up local parks and waterways.

If This Sounds Like You:Apply if you think were a good match. Well get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: https://company/ Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin,race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence,or any other classification protected by applicable law. Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email .uk.