Cybersecurity Threat Hunter

Our purpose

Here at Datacom, we connect people and technology in order to solve challenges, create opportunities and discover new possibilities for the communities we live in.

Our team

Our Cyber Defence Operation Centre (“CDOC”) runs across Auckland, Wellington and Brisbane, from which we provide our full stack of Cybersecurity Managed Services.

The CDOC is a well-established team made up of Cybersecurity Analysts, Engineers, Dev Engineers and Incident Responders who have been managing customers, both commercial and government, for over 10 years. We are a mature operational team that not only responds to security events, incidents and triggers, but also hunts for anomalous, suspicious and potentially unwanted activities within our customers' environments.

We partner with industry leaders to provide our services and to give you a broad technical skillset, certifications and experience.

This is an exciting time of growth, and our driven team needs to grow to meet the increased demand and activity.

About the Role

The Cybersecurity Threat Hunter is a key part of Datacom's Incident Response Team (CSIRT) within the Cyber Defence Operations Centre (CDOC). You will be responsible for developing and executing threat hunt missions.

You will work closely with colleagues from the Incident Response, Threat Intel and Security Analyst teams to help us locate and respond to previously undetected adversary activities.

What you’ll do

  • Develop hunt missions using attack modelling techniques and knowledge of relevant adversary tactics and techniques to build your hunt hypothesis.
  • Identify data requirements and prerequisites for the hunt, assess how they match the available data sources, and work with CDOC colleagues and customer teams to address any potential collection gaps.
  • Gather data needed to test the hunt hypothesis and validate completion of collection and search activities.
  • Analyse the output of the search activities to test the original hunt hypothesis, revising or pivoting your approach based on the results of the analysis.
  • Work with colleagues from the CSIRT and Security Operations Centre (SOC) teams to initiate incident response procedures and, where required, support CSIRT Incident Response engagements, working under the direction of the Incident Commander or Incident Responders.
  • Build and update threat detection rules based on each hunt, engaging with our SOC and Automation specialists to optimise future detection and alerting.
  • Produce Hunt Reports and brief stakeholders on the hunt findings, including opportunities to improve security controls and posture.
  • Work with members of our Threat Intelligence team to ensure the Hunt Team’s intelligence requirements are understood and delivered.

What you’ll bring

  • The mindset of a hunter! We are looking for someone who loves the chase and thrill of searching for previously undetected adversary behaviour.
  • A strong understanding of current and emerging attacker behaviours, tools, tactics and techniques that you will apply when building the hunt missions.
  • A solid understanding of how and when to leverage appropriate frameworks such as MITRE ATT&CK, D3FEND and CAPEC, the Unified Kill Chain and the Diamond Model of Intrusion Analysis.
  • Knowledge and experience of efficiently searching large datasets across multiple log sources and underlying platforms, including XDR and SIEM products.
  • Ability to conduct independent research to validate or supplement other sources of threat intelligence, indicators and feeds, including malware analysis in order to extract indicators of interest.
  • Coding and/or scripting skills such as Python, PowerShell or KQL.
  • Familiarity with Splunk or Sentinel would be desirable.
  • Proven experience in a technical IT or security operations role such as:
      • Cyber Threat Intelligence / Cyber Threat Hunting
      • Penetration Testing / Red Team
      • Security Operations
      • Digital Forensics / Incident Response
      • Security Architecture
      • IT Operations / Networks

The Finer Details

We have over 6,200 people across our global offices and generate an annual revenue of over $1.2 billion, which makes us one of Australasia’s largest professional IT services companies. We have extensive expertise in operating data centres, providing IT services, software engineering and application management, as well as payroll and customer service design and operations. With this comes a long list of significant clients. Datacom is committed to hiring, developing and promoting the best talent from a diverse range of backgrounds. We are local at heart, yet world-class in capability.

If you are keen to be part of a great team, please apply online! All applications will be treated in the strictest confidence.

Due to the nature of the clients you will be working with, you will need to be an NZ citizen or permanent resident and be able to pass additional security clearances, which require you to have lived in a Five Eyes country for the last 5 years. We do, however, consider work visas for other opportunities across Datacom, so please keep an eye on our careers page for any roles of interest.