Threat Hunter - Remote
Lumen

The Role

Black Lotus Labs is looking for a Threat Hunter in the USA. This team works on large data sets looking for security threats in the Internet. We need your skills to help understand, research, and find more risks. The type of person we are looking for is an established member of the threat intel community with a wide knowledge of security and a strong desire to learn even more.

If you enjoy hunting threats and helping clean up the Internet, then this is the job for you.

The Main Responsibilities

• Fuse, correlate, and analyze information and intelligence to provide indications and warnings of pending, possible or actual attacks or compromises
• Conduct intelligence research, analysis and assessments through the use of internal and 3rd party data sources
• Provide assessments of threat actors and attack attempts and recommend possible mitigations
  • Work as the team Point-of-Contact in a rotational cycle to triage incoming research related events.
  • Support threat research customer and partner RFIs.
  • Act as company SME for threat actor related issues.

What We Look For in a Candidate

Desired candidates will have a strong background exhibiting:

• Mentoring more junior members of the team in growing their analytical and security skillsets
• An understanding of complex attack methods
• Experience using OSINT methods for investigation
• An ability to forensically analyze an attack
• Setting priority of what threats to analyze and how long to spend on them to maximize the team's impact
• Strong knowledge of systems architecture and security
• An ability to automate investigation through light-weight software development
• Building and maintaining trust relationships with other intelligence teams, law enforcement, and other outside groups
• Deep network and application protocol knowledge
• Knowledge of application security methodologies
• An ability to understand malware’s behavior
• Working collaboratively with closely partnered internal teams to accomplish work

Well experienced candidates may also have the following skills:

• Experience penetration testing or participating in CTF contests
• Comfort with cryptographic theory and application
• Understanding of WAN networks and routing protocols
• Familiarity with extracting data through SQL
• Experience using statistical analysis methods
• Development knowledge with Python, Java or Scala
• Understanding of static or dynamic analysis of malware
• Experience with Elasticsearch, Splunk, Tableau or other data visualization tools

Qualifications & Skills:

Required (education / experience / skills / competencies)

• Experience with tracking of threat actors
• Ability to analyze large data sets and draw conclusions
• Experience developing automation and analysis in python-based environments
• Strong Unix knowledge
• Deep knowledge of network-based threats and identifying behaviors without attack payloads
• Ability to work with others in providing direction and assisting in learning new topics
• Strong writing skills to assist in sharing our knowledge with the public

Preferred

• Functional knowledge of machine learning and how it can be applied to data sets
• Public speaking experience and a willingness to share technical topics in public forum