Job Descriptions

You may search job titles by skills within selected job category

Threat Hunter: Management and Active Defence

PROTECT & DEFEND

Skills

Job Description

NOTE: Advanced role that has traditionally been almost exclusively in national security and military contexts. This role is most commonly found in large or medium-sized organizations. 

Reporting relationship

To be completed by the user of this job description as appropriate.

Job purpose / summary

Front-line cyber security operations center operator responsible for monitoring and maintaining IT security devices and is often responsible for initial detection, incident response and mitigation

Duties and responsibilities

  • Identify and analyze technical threats to, and vulnerabilities of, networks
  • Identify, contain, conduct initial mitigations and report system compromises
  • Review, analyze, and/or apply internet security protocols, cryptographic algorithms, directory standards, networking protocols, network hardening, technical IT security controls, IT security tools and techniques, OS, intrusion detection/protection systems, firewalls, routers, multiplexers and switches, and wireless devices
  • Analyze security data and provide alerts, advisories and reports
  • Install, configure, integrate, adjust, operate, monitor performance, and detect faults on security devices and systems
  • Conduct impact analysis for new software implementations, major configuration changes and patch management
  • Develop proof-of-concept models and trials for IT security products and services
  • Troubleshoot security products and incidents
  • Design/develop IT Security protocols
  • Complete tasks related to authorization and authentication in physical and logical environments
  • Develop options and solutions to meet the security-related project objectives
  • Identify the security products and its configuration to meet security-related project objectives
  • Implement and test configuration specifications
  • Develop configuration and operational build books
  • Review, develop and deliver relevant training material

Tools and Technologies

  • Incident management processes and procedures
  • Defensive systems including firewalls, anti-virus software and systems, intrusion detection and protection systems, scanners and alarms
  • Security event and incident management systems and/or incident reporting systems and networks

Competencies

The following KSA are applied at an advanced level:

  • Advanced threat management
  • Advanced threat actor TTPs including specialization of persistent threat actors (e.g. nation state, organized crime)
  • Interpreting/synthesizing classified / sensitive threat intelligence from multiple sources
  • Legal and ethical responsibilities associated with active defence techniques
  • Exploitation analysis
  • Threat hunting and active defence frameworks
  • Developing complex courses of action including risk assessment and mitigation plan
  • Active defence tactics, tools and procedures including advanced threat countermeasures and counter-countermeasures
  • Adversarial thinking
  • Developing, testing and deploying technical tools within an active defence framework to protect organizational information and systems at risk

Qualifications

Education. College diploma in IT field with specialization in IT/cyber security, network security or similar or equivalent training and experience. 

Cybersecurity operations training with industry-level certification in related field (e.g. security operations, network security, threat detection and mitigation, security appliance operations). More advanced training required for Threat Hunters.

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes. Initial experiential requirement is to have been successful working in an IT environment and technical team setting.

Experience. Tier III roles may require more extensive training and education in addition to relevant experience. Often a computer science or computer engineering degree is a pre-requisite given the level of knowledge and skill required in more complex tasks.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.