Position: Cybersecurity Threat Hunter (Intermediate/Senior)
Datacom Location: Auckland Preferred for Intermediates, Anywhere in NZ for Seniors.
Our Why
Datacom works with organisations and communities across Australia and New Zealand to make a difference in people’s lives and help organisations use the power of tech to innovate and grow.
Datacom Cybersecurity Defence Operations Centre (CDOC) operates out of three locations: Wellington, Auckland, and Brisbane. From these we provide a full stack of Cybersecurity services, including managed SOC/SIEM/EDR.
Our Cybersecurity Defence Operations Centre is a well-established team made up of Cybersecurity Analysts, Platform Engineers, Automation Specialists, Threat Intel Analysts, Threat Hunters and Incident Responders who have been managing customers, both commercial and government, for 10+ years. We are a mature operational team that not only responds to security events, incidents, and triggers, but also proactively hunts for anomalous, suspicious, and potentially unwanted activities within our customers' environments.
We partner with industry leaders to provide our services and to provide you with a broad technical skillset, certifications, and experience.
About The Role (Your Why)
We are currently looking for a highly skilled and motivated individual to join our Cybersecurity Incident Response Team (“CSIRT”) as a Cybersecurity Threat Hunter. CSIRT is a specialist function of CDOC that provides proactive and reactive expertise for major cybersecurity incidents. In this role, you will proactively identify and neutralise potential cyber threats in Datacom's environment as well as its customers' environments. Your expertise in cybersecurity, data analysis, and threat intelligence will be crucial in detecting and responding to emerging threats.
Additionally, you will conduct compromise assessments to uncover any potential security breaches. We are seeking a candidate who has a strong understanding of the evolving cyber threat landscape and possesses excellent communication, analytical, and problem-solving skills.
As per the job title, we are keen to speak to Intermediate or Senior Threat Hunters, and the final position title will be discussed with the successful applicant. Whether you are a seasoned Threat Hunter with DFIR or Senior SOC experience or someone on your way to becoming such a person, you will be considered for this role.
Due to the nature of the clients you will be working with, you will need to be a current NZ Citizen/Permanent Resident and have the ability to pass additional security clearances, which will require you to have lived in a Five Eyes country for the last 5 years. We do, however, consider work visas for other opportunities across Datacom, so please keep an eye on our careers page for any roles of interest.
What You’ll Do
As a Cybersecurity Threat Hunter, your primary responsibility will be to develop and execute threat hunt missions to locate and respond to previously undetected adversary activities.
You will actively participate in investigations focused on threat actors, help Senior Analysts create new detection methodologies, and provide expert support to incident response functions.
The main focus of your role will be to detect, disrupt, and eradicate the presence of threat actors from enterprise networks. To accomplish this mission, you will utilise data analysis, threat intelligence, and state-of-the-art security technologies.
You will also directly support the CDOC by applying your analytical and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and carry out incident response activities.
Responsibilities:
- Proactively analyse logs, network traffic, system behaviour, and relevant data sources to identify potential cyber threats.
- Conduct thorough investigations into major security incidents, determining root causes, impact, and mitigation strategies. Provide expertise and support to contain, eradicate, and recover from such security incidents.
- Undertake proactive incident response consulting engagements such as developing incident response plans/playbooks and facilitating cybersecurity tabletop exercises or post-incident reviews for our customers and internal teams.
- Develop and implement advanced analytics and detection techniques to enhance threat hunting capabilities and improve overall security posture.
- Stay updated on the latest cyber threats, vulnerabilities, and industry trends to enhance threat hunting methodologies and stay ahead of potential attacks.
- Design and execute proactive hunting strategies, utilising manual and automated techniques, to identify security weaknesses and indicators of compromise.
- Generate detailed hunt reports and documentation on findings, investigations, and remediation recommendations, ensuring accurate and timely communication. Brief customer stakeholders on findings, including recommendations to improve security controls and posture.
- Maintain up-to-date analysis and hunting frameworks, document findings, and create threat models and tactics to support hunt hypotheses and assess data requirements.
- Collaborate with CDOC’s Threat Intelligence team to analyse threat intelligence reports, security alerts, and other data sources to identify indicators of compromise and potential malicious activities.
- Collaborate with the CDOC Security Operations team to develop use cases covering new threat actor tactics, techniques, and procedures (“TTPs”) to optimise future detection and alerting.
- Participate in an on-call roster for major incident response.
- Occasional planned or last-minute/urgent travel to customer sites may be required for certain customer-facing engagements. This may include a customer site in your home city, or travel to other customer sites within Australia and New Zealand.
What You’ll Bring
- The mindset of a hunter! We are looking for someone who loves the chase and thrill of searching for previously undetected adversary behaviour.
- Digital forensics and incident response experience (EnCase, Magnet Axiom, Paladin, X-Ways), understanding forensic artifacts that would be useful in an investigation.
- Proven knowledge and experience of efficiently searching large datasets across multiple log sources and underlying platforms including XDR/EDR and SIEM products such as CrowdStrike, Microsoft Defender, Splunk, or Sentinel.
- Experience in digital forensics and incident response (“DFIR”) with an understanding of key system / digital forensic artifacts and how they are useful in a cybersecurity investigation.
- Strong communication and presentation skills, and comfortable with senior stakeholder engagement during incidents or tabletop exercises.
- Proven experience in responding to high-profile cybersecurity incidents.
- A strong understanding of current and emerging attacker behaviours, tools, tactics, and techniques that you will apply when building hunt missions.
- A solid understanding of how and when to leverage appropriate frameworks such as MITRE ATT&CK, D3FEND and CAPEC, Unified Kill Chain and Diamond Model of Intrusion Analysis.
- Proven ability to conduct independent research to validate or supplement other sources of threat intelligence, indicators and feeds, including malware analysis in order to extract indicators of interest.
- Experience and familiarity with coding and/or scripting in languages such as Python, PowerShell, or Bash.
- 6+ years of relevant IT experience, with 3+ years in Cybersecurity, including experience in Major Incident Response and Threat Hunting.
The Person Will Have Proven Experience in a Role Similar to:
- Cyber Threat Intelligence / Cyber Threat Hunting
- Digital Forensics / Incident Response (DFIR)
- Security Operations
- Penetration Testing / Red-team
- Security Architecture
Why Join Us Here at Datacom?
Datacom is one of Australia and New Zealand’s largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size. It's our people that give Datacom its unique culture and energy that you can feel from the moment you meet with us.
We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few. You’ll have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment.
We operate at the forefront of technology to help Australia and New Zealand’s largest enterprise organisations explore possibilities and solve their greatest challenges, so you will never run out of interesting new challenges and opportunities.
We want Datacom to be an inclusive and welcoming workplace for everyone and take pride in the steps we have taken and continue to take to make our environment fun and friendly, and our people feel supported.