Title:  Cyber Threat Hunting Analyst

We’re JTI, Japan Tobacco International, and we believe in freedom. 

 
We think that the possibilities are limitless when you’re free to choose. We’ve spent the last 20 years innovating and creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries, and how we’ve grown from 40 to 4,000+ employees in the Philippines since 2009.
 

But our business isn’t just business, our business is our people. Their talent. Their potential. We believe that when they’re free to be themselves, to grow, travel and develop, amazing things can happen for our business. That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend, and why we’ve been recognized as INVESTORS IN PEOPLE in the Philippines

It’s the perfect moment for you to #JoinTheIdea. We’re opening our Global Business Service center in the heart of BGC Manila and looking for more than 300 bright minds to join a global multinational with an exciting start-up vibe.

This advertisement will remain available until the role is filled.

Cyber Threat Hunting Analyst

This position exists to support the Cyber Threat Hunting Manager to implement proccesses and technologies for the early detection of potential security threats. The Cyber Threat Hunting Analyst will contribute to the definition, implementation and maintainance of the Threat Detection and Hunting service according to relevance, potential impact and risks.

Additionally, the Analyst will:
1. Contribute to correlate threat actor profiles and TTPs to attack vectors to develop new use cases or hypothesis for hunting campaigns.
2. Provide support to ensure the service is adequately delivered together with our MSSP provider and consistently integrated with the other security platforms and services.
3. Collaborate to enhance and maintain partnership with other Information Security functions to deliver shared outcomes that measurably improve JTI SOC efficiency to detect and respond to threats.
4. Create reports and propose corrective actions to enhance the IT security posture.

Desirable: Certifications (any security certification like but not exclusive to the following): CEH, CISSP, OSCP, GIAC

What you will do?

1. Threat Detection
Support to the log onboarding process and contribute to the implementation of new monitoring use cases along with their lifecycle.
Support to the creation of visibility/detection coverage mappings and the identification of gaps to detect relevant threats, actors and tools.
Provide security monitoring backup to ensure no security detections are missed.

2. Threat Hunting
Support Threat Hunting program creation, maintenance and continuous improvement.
Contribute to the creation of threat hunting hypothesis.
Participate in Threat Hunting activies based on TTPs and IOCs triggered by CTI, threat hunting hypothesis, security monitoring, incident response or others.
Contribute to the development of new monitoring use cases based on threat hunting results.

3. Cross-functional collaboration
Participation in Threat Modelling in conjunction with Cyber Threat Intelligence functions.
Support Incident Response during significant or major Security Incidents, collaborate in the creation of triage playbooks and collaborate in the reduction of number of false positives.
Collaboration with TSC for security product enhacement or problems/misconfigurations resolution.

4. Thrid-Party collaboration
Collaborate and align with security vendor/MSSP provider to ensure that service delivery and support meet performance and business objectives.

5. Reporting
Participate in the creation of reporting based on metrics to measure effectiveness of Threat Detection and Hunting service.

Who are we looking for?

• University Degree in the area of Computer sciences or related field
• 1+ years of relevant experience as a member of a Threat Detection, Hunting, Incident Response, Malware Analysis, or similar role. Previous Red/Purple Teamer experience is a plus.
• Good understanding of Cybersecurity fundamentals, Threat Landscape, Attack Vectors, Threat Actors and their Tactics Techniques and Procedures.
• Familiarity or background in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
• Knowledge on security platforms (XDR, IDS/IPS, WAF, etc.).
• Experience with Microsoft products is a plus. E.g. Microsoft Defender for Enpoint.
• Relevant experience of SIEM and Data Lake searching languages (Splunk and Microsoft suite are a plus).
• Knowledge of Windows system internals, Web Applications and APIs.
• Familiarity with nation state, criminal, and financially motivated actor groups.
• A proven track record in protecting large global and distributed organisations.
• Scripting skills is a plus

What are the next steps?

Thank you for applying! We will make sure to provide you with feedback within the next two weeks.