Threat Intelligence Researcher

Arctic Wolf
County Cork
Full time
2 days ago
About the Team:
Arctic Wolf's Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started only 3 years ago in BlackBerry-Cylance. Since then we have developed many internal tools to streamline our daily tasks, defined work standards for how to create content (detection/telemetry rules) and high-fidelity content (fine-tuning processes, reducing false positives), created quality assurance processes (unit, regression and E2E testing), and established communication channels with other areas of Threat Intel and S2, without neglecting our main mission, which is to end cyber risk. We work together with the MDR, TRI, AR and CTI teams to stay ahead of the latest findings, and we are always on the lookout for new attacks, 0-days and TTP updates, keeping our clients protected.
We actively participate in the purple teaming exercises performed by the AR Team, which emulate the most relevant threat actors. In our trajectory we have 2 MITRE accreditations: Enterprise 2023 - Turla and Managed Services 2024 - MenuPass + BlackCat. In both we participated as EDR Blue Teamers.
 About the Role and Responsibilities:
Analyse, research, and develop new content for Aurora Focus, applying MITRE ATT&CK framework.
Convert investigations performed by our Threat Teams: TRI\AR\CTI into new content (detection/telemetry rules).
Customer Escalation (BFD): collaborate with S2 teams on investigations regarding emerging threats to generate new detection rules.
Fine-tuning: determining true threats or false positives, and providing solutions like exclusions, logic changes or decreasing severity.
Python scripting to automate new internal tools or projects.
Ability to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals are met.
Maintain documentation up to date: about a new tool or process we add.
Run regression and end-to-end (E2E) testing.
Push production releases, and notification emails.
Participate in Purple Teaming exercises.
Generate metrics over Databricks Dashboard.
Deliver regular threat briefing presentations to internal & external stakeholders on topics including threat actor campaign activity, novel TTPs, and emerging malware or exploits.
Utilize best practices for threat research and documentation and deliver high-quality detection rules.
About You
Relevant experience in a professional setting for threat intelligence or threat research roles
Experience with applying the MITRE ATT&CK framework to intelligence products and associated depth of analysis for each TTP and threat actor represented in this body of knowledge
Experience analysing application and infrastructure telemetry (application logs, network flow logs, audit logs, metrics, core dumps, etc.)
Experience analysing and deriving intelligence from phishing and malware campaigns, vulnerabilities being exploited in the wild, supply chain attacks, and Data breaches
Understanding of threat protection/detection tooling/stacks: SIEM, XDR/EDR
Experience working with Python scripts.
Understanding of JSON format and regex usage.
Linux and macOS terminal usage.
Basic .sh/.bat scripting knowledge.
Windows Sysinternals.
Experience using Git repositories (GitHub, Git Bash, GitLab)
Experience using Virtual Machines (VMware workstation)
SQL Knowledge, Databricks is a plus.
LOLBins/LOLBAS knowledge
Sigma Rules Knowledge
Excellent written and verbal communication skills
Resourceful self-starter with a positive, can-do attitude
 Nice to Have:
Experience with Agile Methodology
Experience using Elasticsearch, Kibana or Grafana.
You have delivered presentations on cybersecurity or cyber threat intelligence at industry conferences or meetups
You have participated in sharing of threat intelligence through ISACs, Trust Groups, intelligence partnerships, or via other open communities
CISSP, OSCP, GCTI or other relevant certifications are a plus.
Interview Process
The interview process is approximately as follows:
Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.
Technical assessment: A recruiter sends you a threat intelligence assessment to complete that will allow you to demonstrate your strategic thinking, analytical skills, and your technical understanding of various threat actor TTPs, malware, vulnerabilities, and/or exploits
Face-to-face interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to discuss your technical assessment, collaborate on a technical problem, and talk more about past projects and your career goals. Approximately 1 hour per interview.
 Security Requirements
Conducts duties and responsibilities in accordance with AW’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AW business information assets.
Must pass a criminal background check and an employment verification as a condition of employment.