Senior Hunt & Response Analyst

Summary

Join Huntress's Global Hunting & Response team as a remote employee based in Australia and make a real difference in cybersecurity. You will be responsible for reviewing hunting data, developing new detections, leading incident response engagements, and performing malware analysis. The role requires experience in threat hunting, incident response, and forensic analysis, as well as familiarity with various security tools and technologies. You will also contribute to content creation and community projects. Huntress offers a competitive salary, bonus, equity, fully remote work, generous leave, and other benefits. This is an exciting opportunity to work with a passionate team and make a significant impact in the cybersecurity industry.

Requirements

• 3-5 years working in one or more of the following: SOC, MDR, Threat Hunting, or Incident Response role
• Experience leading or participating in Incident Response engagements for external customers
• Experience with tools such as osquery, Velociraptor, or leveraging EDRs to perform forensic artifact analysis on systems
• Confident command of forensic tools - such as Ericzimmerman’s EZ tools, RegRipper, Hayabusa, or Chainsaw - and forensic artifacts - such as prefetch, jumplists, shellbags, and more
• Deep understanding of offensive security tradecraft, particularly persistence, lateral movement, credential theft, and remote access
• Confidently able to track threat actors across an organization and timeline the activity
• Strong familiarity with one or more detection languages such as Sigma, Suricata, Snort, or Yara
• Familiarity with OSINT sources and how they can help answer questions relating to threat actor activity and infrastructure
• Strong familiarity with various query languages such as KQL, EQL, ES|QL, Splunk SPL
• Intermediate malware analysis skills
• Intermediate knowledge of Windows internals
• Strong understanding of the current threat landscape, initial access brokers, and ransomware actors
• Passionate and involved with the community through blogs, social media, conferences, etc
• Experience with scripting (such as PowerShell, Python, Bash, PHP, JavaScript, or Ruby)
• Demonstrable experience providing written and/or verbal customer-facing deliverables
• Experience with detection and response in cloud environments such as Microsoft M365/Azure
• Comfortable using Git to contribute to internal projects

Responsibilities

• Perform a cadenced review of hunting data to identify compromises not found during standard SOC workflows
• Research, develop, and test new hunting hypotheses in the form of new detections or analytics
• Lead or support tactical incident response engagements for customers who already utilize Huntress MDR. Perform live analysis on systems to determine the root cause of an intrusion, and craft reports that summarize the intrusion with next steps to be taken
• Perform regular rotations in the SOC to stay current and familiar with SOC day-to-day workflows
• Perform intermediate malware analysis as part of hunting and response efforts
• Perform OSINT as part of hunting and response efforts
• Contribute to content creation efforts such as blogs, videos, podcasts, and webinars
• Contribute back to community-driven projects and frameworks such as MITRE ATT&CK, HijackLIbs, and the LOLBAS Project
• Speak with customers to explain or summarize findings from investigations

Preferred Qualifications

Intermediate knowledge of Linux and MacOS internals

Benefits

• Fully remote work
• 1-2 trips to the US annually for events such as Sales Kick-Off and Summer Summit!
• New starter home office set up reimbursement ($800 AUD)
• Generous personal leave entitlements
• Digital monthly reimbursement ($185 AUD)
• Superannuation
• Healthcare Benefits
• Access to the BetterUp platform for coaching, personal, and professional growth