Cloud Threat Hunter

  • Helsinki +14 more

WithSecure is world renowned for its security products and services for protecting endpoints and more recently cloud infrastructure.

We provide Countercept – a world leading Managed Detection and Response (MDR) service that detects and responds to cyber-attacks on behalf of our clients using a strong combination of people, process, and technology. Due to the increasing importance of cloud security, Countercept are hiring cloud threat hunters to deliver their Cloud Detection for AWS and Azure services. The service is continuously improved using knowledge from real-world attack techniques identified during Incident Response engagements or novel techniques during consulting research. The role will provide you with an opportunity to learn from our cloud experts and potentially progress into a range of cloud security roles.

The cloud threat hunter role involves both uncovering new and emerging offensive and defensive techniques and advising customers on incident management and cloud security posture.

What we need…

WithSecure Countercept are looking for a Cloud Threat Hunter to join our growing Detection and Response Team (DRT). The DRT actively monitor clients’ IT estates, develop the cutting-edge solutions on which the service is built and use their unique Threat Hunting mindset to continuously improve WithSecure Countercept’s capabilities.

We are looking for a candidate with bundles of enthusiasm, a hunger to improve their security knowledge and the desire to combat adversaries targeting our customers’ cloud environments.

Key Responsibilities…

  • Proactively investigate cloud telemetry and log-based security events
  • Manage incidents from detection to resolution
  • Contribute to detection algorithms and posture management rules
  • Reconstruct incident timelines based on cloud artifacts
  • Research and develop PoCs for new attack techniques to uncover innovative detection capabilities

What are we looking for…

If any of these points pique your interest, you will seamlessly integrate into the team and succeed:

  • You are excited about a cloud-focused, research-driven, hands-on detection and response operation
  • You love nothing more than reading about attacker techniques and are keen to thwart them, as well as respond to the ever-evolving threats they present to our clients.
  • You are both using and developing cutting-edge tools to aid detection and response and are keen to keep up with the latest industry developments.
  • You relish the thought of real-world experience responding to attacks of all levels, from script kiddies to nation states, and look forward to sharing this experience and knowledge with the rest of the team and the industry at large.
  • You keep up with the latest cloud security developments and architecture best practices, and are an avid reader of things like /r/netsec to get your security knowledge fix.

The Countercept platform is a dynamic and rapidly evolving product, which is heavily research led. The ideal candidate would be able to contribute to enhancing the capability of the service, whether through direct development, research activities or media opportunities.
The ideal candidate should also have solid experience in both offensive and defensive security areas, either penetration testing, incident response or ideally a mixture of both.

Essential skills for a Senior Cloud Threat Hunter:

  • Awareness and good understanding of the state of offensive techniques and APT TTPs in cloud environments.
  • Awareness and understanding of cloud security best practice, including cloud configuration.
  • Experience with alert and reported incident triage, and the ability to assess the need for escalation along with the applicability of any relevant procedures in a given case.
  • Ability to analyse data efficiently and spot potential anomalies in event/management plane data.
  • Willingness to operate between offensive and defensive security operations.
  • Intermediate to advanced Python skills. Familiarity with code distribution, maintenance, and version control.
  • Ability to generate new ideas, plan and execute research projects.

Desirable skills for a Senior Cloud Threat Hunter:

  • Strong understanding of AWS IAM and/or Azure AD & RBAC, as well as how the most pervasive cloud compromises relate to these.
  • Experience investigating potential compromises.
  • Experience participating in coordinated response to real-world security incidents.
  • Experience with common network traffic analysis platforms and/or SIEM solutions.
  • Mentorship of junior members of the team.

Our four promises to you…

  • Freedom – you will have the opportunity to define new ways of working, how we engage with our customers, and how product value gets represented.
  • You will work together with experienced and enthusiastic colleagues, and within WithSecure you'll find some of the best minds in the cyber security industry.
  • Your work will be clearly visible and recognised – all over the world and across our business units.
  • You can rely on the support from the entire WithSecure leadership including our top executives.

Work with great people

Karolina Malagocka
Senior Marketing Manager
"We see the value of each and every person"
William Jardine
Managing Consultant
"The freedom is a big thing for me. The trust you are doing something worthwhile."
Robert Grześkowiak
Lead Software Engineer
"At WithSecure you won't feel bored. There are opportunities to learn new things every day."
Fairuz Zainor
"I joined WithSecure (previously F-Secure) straight after graduating and now, 10 years later, I am still happy to be here."

Great Place to Work

  • Over 1,700 amazing colleagues in nearly 30 offices

  • Possibility to protect the world

  • Work with best of class experts who care

  • Relaxed, open and fun working environment

  • 68+ nationalities

  • Global with the spirit of a small company

About the company

Purpose – Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.

Mission – What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Danielle Acott | Contact Person