Cybersecurity Threat Hunter

Our purpose
Here at Datacom, we connect people and technology in order to solve challenges, create opportunities and discover new possibilities for the communities we live in.
Our team
Our Cyber Defence Operation Centre (“CDOC”) runs across Auckland, Wellington and Brisbane from where we provide our full stack of Cybersecurity Managed services.
We Partner with industry leaders to provide our services and to provide you with a broad technical skillset, certifications, and experience.
This is an exciting time of growth, and our driven team need to grow to meet the increased demand and activity.
About the Role
The Cybersecurity Threat Hunter is a key part of Datacom's Incident Response Team (CSIRT) within the Cyber Defence Operations Centre (CDOC). You will be responsible for developing and executing threat hunt missions.
Your will work closely with colleagues from the Incident Response, Threat Intel and Security Analysts teams to help us locate and respond to previously undetected adversary activities.
What you’ll do
- Develop hunt missions using attack modelling techniques and knowledge of relevant adversary tactics and techniques to build your hunt hypothesis.
- Identify data requirements and prerequisites for the hunt, assess how they match to available data-sources and work with CDOC colleagues and Customer teams to address any potential collection gaps.
- Gather data needed to test the hunt hypothesis and validate completion of collection and search activities.
- Analyse the output of the search activities to test the original hunt hypothesis; revising or pivoting your approach based on the results of the analysis.
- Build and update threat detection rules based off each hunt, engaging with our SOC and Automation specialists to optimise future detection and alerting.
- Produce Hunt Reports and brief stakeholders on the hunt findings, including opportunities to improve security controls and posture.
- Work with members of our Threat Intelligence team to ensure the Hunt Team’s intelligence requirements are understood and delivered.

What you’ll bring
- The mindset of a hunter We are looking for someone who loves the chase and thrill of searching for previously undetected adversary behaviour.
- A solid understanding of how and when to leverage appropriate frameworks such as Mitre ATT&CK, D3FEND and CAPEC, Unified Kill Chain and Diamond Model of Intrusion Analysis.
- Knowledge and experience of efficiently searching large datasets across multiple log sources and underlying platforms including XDR and SIEM products.
- Ability to conduct independent research to validate or supplement other sources of threat intelligence, indicators and feeds, including malware analysis in order to extract indicators of interest.
- Familiarity with coding and / or scripting skills such as Python, Powershell or KQL.
- Knowledge and familiarity of Splunk or Sentinel would be desirable.
- Proven experience in a technical IT or security operations role such as:

- Cyber Threat Intelligence / Cyber Threat Hunting
- Penetration Testing / Red-team
- Security Operations
- Digital Forensics / Incident Response
- Security Architecture
- IT Operations / Networks

The Finer Details
Due to the Nature of the Clients you will be working with you will need to be an NZ Citizen/Permanent Resident and have the ability to pass additional security clearances which will require you to have lived in a 5 eyes country for the last 5 years. We do however consider work visas for other opportunities across Datacom so please keep an eye on our careers page for any roles of interest.