Junior Threat Hunter – London

Salary: Competitive
Location: London
Start date: ASAP
Sectors: Computing & IT, Internet & Digital Media

Countercept is currently looking for a Junior Threat Hunter with a passion for threat hunting, digital forensics, attack detection or penetration testing. The successful candidate will work within the ‘Countercept’ division of MWR, with a group of established threat hunters, focused on carrying out, supporting and resolving day to day investigation of events generated by the Countercept attack detection service for our clients.


If any of the following resonates with you, this could be the role for you:


• Terms like “threat hunting”, “malware analysis”, “process injection”, “covert C2”, “EDR” and “APT” fuel your excitement.
• Terms like “SOC”, “SIEM”, “Alerts” and “Cyber Threat Map” make you sad inside.
• When you aren’t hunting, you are learning awesome new InfoSec skills.
• You love nothing more than learning about and spotting the latest attacker techniques in the wild and using your experience to thwart and respond to the ever evolving threats they present to our clients.
• You keep up with the latest industry developments, are an avid reader of things like /r/netsec and follow swathes of awesome researchers on twitter to get your security knowledge fix.


The Countercept platform is a dynamic and rapidly evolving product, which is heavily research-led. The ideal candidate would be able to contribute to enhancing the capability of the service, whether through direct development, research activities or external promotion.


The candidate should be highly motivated, eager to learn and not afraid to get stuck in; being able to work autonomously as well as part of a team is essential. The ability to effectively triage and prioritise rapidly evolving incidents, utilising a team of threat hunters and IR practitioners for support, is crucial.


The Countercept service will require threat hunters to monitor the target networks 24/7, 365. Although late night hours will be covered by distributing analysis between MWR's UK and Singapore offices, hunters may expect to work on a rotational basis with other analysts to cover evenings and weekend hours. 


RESPONSIBILITIES
• Proactively investigate host, network and log based security events
• Manage events and triage from detection to resolution
• Malware Triage/Basic Analysis
• Basic Host, Network, and Memory Forensics
• Liaise with clients and report potential findings from both a technical and business perspective
• Assist in development of Countercept service


TECHNICAL REQUIREMENTS
Required
• Basic knowledge of core IP networking and common protocols
• Scripting experience with Python/PowerShell/Bash/WMI or similar
• Strong understanding of Windows or Linux systems
• Candidates hold or could obtain a UK Government security clearance


Desirable
• Experience investigating compromise events and/or SOC experience
• Ability to differentiate between regular traffic and anomalies
• Experience of network, memory or host forensics
• Experience of automated or manual malware analysis (static and dynamic)
• Mixed skillset covering both offensive and defensive security
• Experience with modern offensive techniques and APT TTPs
• Experience with common network traffic analysis platforms and/or SIEM solutions
• Relevant security certifications - Crest CRIA/CCNIA/CCMRE/CCHIA, SANS GIAC, GCFA, OSCP/CRT


ABOUT US
Countercept is a managed detection and response (MDR) service offered by MWR InfoSecurity. Designed to counter Advanced Persistent Threats (APT) from state sponsored and sophisticated criminal groups, it detects and responds to compromise and attempted compromise across our clients’ IT estates.


Our philosophy is focused on changing the mind-set of the industry, moving away from SOCs filled with alert-fatigued analysts waiting for their SIEM to flag yet another false positive and moving towards offensively trained, proactive threat hunters, who understand the attacker mind-set and can root out even the most sophisticated adversaries across both the network and the endpoint.


