Threat Architect - Global Threat Operations
Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.
The Threat Architect position is part of the SpiderLabs Threat Fusion team. This is a global team of threat hunting and threat intelligence experts committed to identifying malicious or risky behavior within our client networks and to tracking cybercrime/APT threat actor activity from across the globe. The threat architect is a key position to work closely with clients, conduct threat hunts, and interface with other teams within the company.
While technical expertise is a primary qualification, this position also requires excellent communication skills and business acumen. The selected candidate will frequently meet with top level executives from Fortune 500 global companies, to explain value proposition, and to deliver threat hunting findings, as well as creating formal technical reports.
Where active breaches are discovered, this team member will also be a primary member of the breach response team, working closely with forensic investigators, malware reverse engineers, and cyber threat intel analysts, to ensure malicious actors are rapidly removed and networks are properly remediated.
Specific focus for this role will include:
- Threat Hunting
Perform Proactive and Continual Threat Hunts for Trustwave clients. Conduct hunting, investigation, containment, reporting, and client engagement related to hunting activities utilizing Trustwave’s proprietary threat hunting platform. Contribute use-case development and detection strategies to further improve Trustwave’s proprietary threat hunting platform. Work closely with the engineering team to lead the integration of Trustwave SpiderLabs Threat Hunt platform with the GTDB (Global Threat Database), and the Trustwave Fusion portal. Incumbent must have a vision for “making intel actionable” for all Trustwave security analysts. Adding proper intelligence feeds / sources, scripting extraction of intel from various potential sources. Bring a vision to the team to improve our approach and utilization of threat intel and drive that vision to reality.
- Threat Intelligence Partnerships
Interface with security researchers from Trustwave partners, such as Palo Alto Unit 42, Carbon Black, and Cybereason. Determine joint projects and publications that can be prepared surrounding new and emerging threats that our team discovers, be a point person discussing threats with potential partners.
- Building Hunting Business
Support sales team to close major deals by clearly and concisely explaining the value and expected outcomes of a Trustwave threat hunt.
- Experience conducting incident response and computer forensic investigations.
- Malware analysis experience is also a major advantage.
- Experience conducting endpoint-based threat hunting.
- In-depth knowledge of Windows system administration and good network hygiene.
- Knowledge/experience with Windows/Linux/OSX security and investigations.
- Knowledge of various threat actor groups and TTPs they are known to utilize. Experience developing endpoint-based rules to detect such TTPs.
- Knowledge and experience implementing MITRE ATT&CK framework into hunting and detection mechanisms.
- Skilled speaker and able to communicate comfortably with senior security executives.
- Skilled writer, able to communicate both our service and emerging threat activity through written communication.
- A high school diploma or equivalent is required; a college or university degree is a plus.
This is a remote opportunity open to anyone legally authorized to work in Poland. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.
To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.