Job Description
Volexity’s Threat Detection & Response Analyst will work to protect organizations from a wide variety of threats, ranging from commodity phishing and malware campaigns to highly targeted attacks involving zero-day exploits.
Individuals applying for this role should expect a job opportunity where they can:
- Analyze and respond to advanced and emerging threats
- Work on investigations that evoke a sense of personal investment
- Be part of a growing industry-leading security operations team
- Collaborate with Volexity’s Threat Intelligence and Incident Response teams
- Help protect NGOs, activists, dissidents, human rights defenders, and other highly targeted groups
Candidates are expected to have a minimum of two years of experience in an IT Security focused role, specifically with a strong emphasis on investigating security incidents stemming from alerts generated by network intrusion detection systems, endpoint detection response/antivirus software, and logs generated from security devices and/or productivity suites (e.g., Microsoft 365, Google Workspace, etc.).
Responsibilities
The responsibility of a Threat Detection & Response Analyst will include but not be limited to:
- Monitoring and triaging alerts generated via network security monitoring, EDR platforms, and other log sources
- Threat hunting across Volexity’s customer base to look for new or previously undetected threats
- Creating detailed incident reports that provide context, as well as actionable recommendations and next steps
- Assisting in the creation of detection content and alert signatures, as well as helping tune signatures as needed to improve detection accuracy
- Working closely with customers, responding to inquiries and questions in a timely fashion
- Tracking industry activity, such as new vulnerabilities and threat reports
Required Skills
As a Threat Detection & Response Analyst, the expected skillset should include:
- Excellent understanding of network protocols and operating systems as they relate to threat detection
- Detailed knowledge of the current threat landscape and the TTPs of various threat actors
- Ability to quickly determine the scope of a given threat detected, identifying indicators of compromise, and assessing the criticality of the threat to properly prioritize reporting and response
- High-quality written communication skills, with the ability to document findings for customers in long-form reporting
- Experience reviewing other team member’s work to ensure high standards across the team
- Resourceful self-starter who can work both with a team and independently, when required
Preferred Experience
Successful candidates for this role may also demonstrate the following experience or skills:
- Ability to write YARA and Suricata signatures; a successful candidate will be able to recognize the qualities of good signatures and create solid signatures for both the YARA and Suricata formats
- Basic or higher proficiency in Malware Analysis
- Ability to write detection logic for a variety of systems, such as SentinelOne, Microsoft Defender for Endpoint, or other endpoint detection and response solutions
- Prior experience working in a SOC or as part of an IR team responding to active threats, with an understanding of which facets of signatures can lead to false positives and how to avoid them
- Basic or higher proficiency in Python, Go, or a similar programming language
Collaboration
In terms of working with others, Threat Detection & Response analysts will be expected to:
- Work with teammates to compile customer reports, notifications, and advisories; and clearly communicate what work has been performed and what remains to be completed
- Teach new analysts Volexity’s process and procedures, helping them to develop new skills
- Stay up to date on current security events and threat intelligence, sharing critical news with teammates as it is discovered
Volexity Inc. is an Equal Opportunity Employer.