Responsibilities:

1. Proactively drive threat hunting and analysis on behalf of the company.
2. Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure.
3. Actively hunt for indicators of risk (IoR) and APT tactics, techniques, and procedures (TTPs) on skrykers networks and endpoints.
4. Identify and track threat actor groups and their techniques, tools, and procedures (TTPs), while maintaining current knowledge of the tools and best practices of advanced persistent threats (APT).
5. Use the MITRE ATT&CK framework to analyze malicious campaigns and evaluate the effectiveness of security technologies.
6. Create detailed incident reports, provide expert analytic and investigative support, and contribute to lessons learned in collaboration with the global CIRT team.
7. Report on findings and recommend system tuning/customization and data collection improvements.

Requirements:

1. BS in computer information security, information systems, or equivalent.
2. At least one security certification (GIAC, CEH, CCTHP, CISSP, CISM, CRISC) is required.
3. 2 or more years of experience in information security, cyber security, or similar functional areas.
4. Understanding of common attack vectors, DDoS attacks, phishing, web attacks, and malware.
5. Background in incident response and threat hunting.
6. Penetration testing experience.
7. Background in networking, vulnerability searching, and log review.
8. Familiarity with security tools such as QRadar/Splunk, PA firewall, Qualys, MDO, etc.
9. Demonstrated ability to solve complex problems and identify information security solutions to challenging business problems, to manage/organize, and to report on the progress of activities; strong analytical skills.
10. Able to write and communicate in English.