Threat Specialist

Company Overview

ThreatLocker is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker platform with Application Allowlisting, Ringfencing, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions are leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities.

JOB SCOPE

The Threat Specialist will have a lead role in content development within the ThreatLocker Detect platform. Specialists will be charged with the validation and remediation of ThreatLocker Detect deficiencies mapped against the ATT&CK framework and report technical limitations to the ThreatLocker Detect Product Director. Telemetry will be generated through the malware analysis network in a coordinated fashion with threat analysts as well as routine threat hunting in managed environments. Specialists will also take a leadership role within the Threat Intelligence organization to better round out the capabilities of junior (threat analysts) members.

Required Qualifications

• 3 years of experience in Information Security
• 2 years of experience with Endpoint Detection and Response technology within an enterprise environment
• Content development experience strongly preferred
• Experience with Windows OS and available forensic artifacts
• Mechanisms for persistence, privilege escalation, and defense evasion
• Familiarity with common parent-child process structures
• Windows Artifacts
• Proficiency in custom SNORT, SIGMA, and YARA rule creation.
• Concepts
• In depth knowledge of the MITRE ATT&CK framework and its use within the enterprise environment
• Strong understanding of various security technologies and their relevant applications within an enterprise environment
• Familiarity with adversarial emulation and post-exploitation frameworks
• Soft Skills
• Excellent analytical and problem-solving skills
• Ability to communicate abstract and complex ideas to non-technical stakeholders
• Self-starting mentality
• Critical thinking
• Ability to work in a high-pressure environment
• Ability to collaborate and work effectively in a team setting
• Strong time management skills with an ability to meet time sensitive deadlines
• Ability to mentor junior members of the Threat Intelligence Group to cultivate in-house talent
• Confidence in conveying professional opinions about product functionality and roadmap
• Relevant certifications
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Certified Forensic Analyst (GCFA)
• CompTIA Advanced Security Practitioner (CASP )
• GIAC Information Security Professional Certification (GISP)
  
  

WORKING CONDITIONS

The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.

• Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
• While performing duties of this job, would occasionally require to stand, walk, sit, reach with hands and arms, climb or balance, stoop or kneel, talk and hear, and use fingers and hands to feel objects and tools.
• Must occasionally lift and/or move up to 25 pounds.
• Specific vision abilities required include close vision, distance vision, depth perceptions, and the ability to adjust focus.