Lead Threat Architect - Global Threat Operations

  • Category: Security Services
  • Team: Enterprise Customer Care
  • Location: Chicago, Illinois

Description

Trustwave is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.


The Lead Threat Architect position is part of the SpiderLabs Threat Fusion team, a global team of threat hunting and threat intelligence experts committed to identifying malicious or risky behavior within client networks and to tracking cybercrime and APT activity across the globe. The Lead Threat Architect is a key role: the incumbent works closely with clients, conducts hunts, and interfaces with other teams within the company.


Responsibilities:

  1. Threat Hunting

Perform proactive and continual threat hunts for Trustwave clients. Conduct hunting, investigation, containment, reporting, and client engagement related to hunting activities using Trustwave's proprietary threat hunting platform. Contribute to use-case development and detection strategies that further improve that platform.

  2. MDR Escalation, Quality Control, and Mentoring

Trustwave's MDR Complete service provides remote incident response, forensic investigation, malware analysis, and containment actions, delivered by our GTO security analysts. A key element of this position is to act as the escalation point for advanced investigations and to provide quality control by monitoring outgoing MDR tickets and reviewing analyst investigations and reports for clarity, comprehensiveness, and appropriate actions. This requires expertise in the Trustwave Fusion Platform and the supported EDR platforms (Cybereason, Palo Alto Cortex XDR, and Carbon Black).

  3. Threat Intelligence Engineer and Visionary

Work closely with the engineering team to lead the integration of Trustwave's IFP platform with GTDB (Global Threat Database) and the Trustwave portal. The incumbent must have a vision for making intel actionable for all Trustwave security analysts. This includes adding appropriate intelligence feeds and sources and scripting the extraction of intel from those sources. Bring a vision to the team for improving how threat intel is approached and used, and drive that vision to reality.

  4. Threat Intelligence Partnerships

Interface with security researchers from Trustwave partners such as Palo Alto Unit 42, Carbon Black, and Cybereason. Identify joint projects and publications that can be prepared around new and emerging threats our team discovers, and act as the point person for discussing threats with potential partners.


Requirements:

  • 3-5 years conducting incident response, computer forensic investigations, and/or malware analysis.
  • Experience conducting endpoint-based threat hunting.
  • In-depth knowledge of Windows system administration and sound network hygiene practices.
  • Knowledge of and experience with Windows, Linux, and OS X security and investigations.
  • Knowledge of various threat actor groups and the TTPs they are known to use.
  • Experience developing endpoint-based detection rules for such TTPs.
  • Knowledge of and experience applying the MITRE ATT&CK framework to hunting and detection mechanisms.
  • Skilled speaker and able to communicate comfortably with senior security executives.
  • Skilled writer, able to communicate both our service and emerging threat activity through written communication.


Education:

We prefer college educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities 

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave's policy is to accept resumes from agencies only via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and must have been assigned, by the Talent Acquisition team, the specific requisition to which they submit resumes. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and if a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.
