Cybersecurity Threat Hunting Team Lead - REMOTE

Binary Defense is seeking a Threat Hunting Team Lead to join our Threat Hunting Team. 

The Threat Hunting Team Lead position requires an experienced, analytical person who regularly performs hands-on technical work as well as guiding and mentoring new to mid-level career employees in threat detection engineering, threat intelligence research, practical application of threat intelligence to operations, reverse-engineering malware, developing custom software tools using scripting languages and understanding threat actor techniques used to compromise systems and evade detections. A successful candidate will communicate effectively verbally and in writing with clients and internal team members, use strong technical analysis skills to study threat actor techniques, network with other researchers in the security community to share information about threats and develop new tools and detection capabilities to uncover threats in network traffic and endpoint systems. 

The job duties include leadership, technical mentoring, strong research and analysis skills, including understanding of malware analysis, reverse-engineering, defense evasion techniques, and engineering of detection capabilities. Threat Researchers and Threat Hunting Team Leaders produce products such as network detection rules (Snort or Suricata), file pattern matching rules (YARA), and SIEM or EDR threat detection rules (e.g., Splunk, Carbon Black, Azure Sentinel, etc.). Team Leaders also review the technical work of Threat Researchers on their team and offer advice for improvement. Threat Hunting Team Leaders hunt for advanced attackers who evade detection by existing security controls, add new detection rules and tune those rules to provide useful results, while keeping clients well informed about the work being performed and serving as the primary point of contact for clients to address issues related to threat hunting tasks. 

The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who exhibits empathy and compassion for team members, is comfortable making decisions, can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics, occasional technical blogs, and optionally presentations and webinars as needed. Threat Hunting Team Leaders will work closely with the Security Operations Center (SOC) Shift Leaders and the SOC Manager as required to help with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks. The Threat Hunting team is very collaborative and supportive of other business units, and Team Leaders must reflect and maintain that spirit of friendly cooperation

Responsibilities

• Lead a small team of Threat Researchers to provide Threat Hunting services for clients, serving as the primary point of contact for clients to discuss technical threat hunting issues, and mentoring new Threat Hunting team members to grow in their skills and abilities.
• Reverse engineer malware using disassemblers and debugging tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida, etc.). Team Leaders who lack reverse-engineering skills but have strong detection engineering skills will also be considered for this position.
• Based on malware analysis results and observation of attacker tactics, engineer behavioral detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources. This could include Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Suricata, Snort rules, or other pattern matching detection rules.
• Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal, and through established partnerships with other security researchers to obtain new samples.
• Develop new software tools as required by job duties, including software that implements non-standard network communication protocols and encrypts or decrypts data using algorithms discovered from malware analysis results.
• Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.
• Perform research and investigations with little to no oversight to locate information that is relevant to clients’ requests, and communicate the results effectively to clients (typically interfacing with employees of the client company who are information security professionals)
• Ensure that all written communication is professional, high quality, free of errors and clearly delivers relevant information that is of value to clients or the public.
• Other projects and responsibilities, as assigned by the direct manager

• 7+ years experience in Threat Hunting, Security Research, or Incident Response.
• Demonstrated leadership skills, preferably in a formal leadership role
• Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks
• Experience reverse-engineering malware 
• Programming and scripting experience to develop internal tools 
• Experience analyzing obfuscated scripts (e.g. PowerShell, VBA, JavaScript, .Net, etc.)
• Superior research and technical analysis skills
• Excellent writing and verbal communication skills
• Understanding of cybersecurity topics and ability to explain them to others clearly
• Proven track record of independently managing multiple research projects – Accountability, personal initiative, and integrity 
• Ability to take ownership, set priorities, multi-task and meet tight deadlines
• Well-developed problem-solving and interpersonal skills
• Excellent organizational skills with acute attention to detail 

Preferred

• Bachelor’s degree in computer science, Digital Forensics, or related major with an emphasis on Security
• Advanced technical training in threat hunting, malware analysis, threat intelligence or other relevant topics 
• Recognized as a leader and contributor in the information security community, regardless of number of years of experience.
• Track record of excellent performance as a leader of information security professionals
• Experience in a security service provider role dealing with clients
• Experience planning, designing, and implementing security controls and systems
• Published work (blogs, software, etc.) on threat detection engineering
• Red team or adversary simulation experience
• Experience teaching or guiding others to learn malware analysis techniques
• Experience defeating packers/crypters to unpack malware samples for analysis

About Binary Defense

Binary Defense is a trusted leader in security operations, supporting companies of all sizes to proactively monitor, detect and respond to cyberattacks. The company offers a personalized Open XDR approach to Managed Detection and Response, advanced Threat Hunting, Digital Risk Protection, Phishing Response, and Incident Response services, helping customers mature their security program efficiently and effectively based on their unique risks and business needs.

With a world-class 24/7 SOC, deep domain expertise in cyber, and sophisticated technology, hundreds of companies across every industry have entrusted Binary Defense to protect their business. Binary Defense gives companies actionable insights within minutes not hours, the confidence in their program to be resilient to ever-changing threats, and the time back that matters most to their business.

Binary Defense is also the Trusted Cybersecurity Partner of the Cleveland Browns and partners with PGA TOUR players. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you’re interested in joining a growing team with great perks, we encourage you to apply!