Job Description: Threat Hunter / Incident Responder

Employment Type: Full-time Location: Remote Australia Reports to: Manager, Hunt & Response Compensation Range: $175,000 to $190,000 AUD base plus bonus and equity

What We Do:

Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.

Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service.

We protect 3M+ endpoints and 1M+ identities worldwide, elevating under-resourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.

What You’ll Do:

The Huntress Global Hunting & Response team has the unique honor of waking up every morning knowing we will be kicking out threat actors. This team sits alongside our 24x7 Security Operations Center (SOC) team. It is a skilled team of individuals who review lower confidence signals and manage tactical incident response scenarios to aid customers out of critical intrusions. Members of this team will get to allocate their time across Hunting efforts and Response efforts.

• Hunting Mode: Research new attacker tradecraft, test new theories, and review hunting data at scale for millions of endpoints. While the SOC is responding to alerts within minutes, this team is developing detections and reviewing more ambiguous signs of attacker activity on a daily & weekly basis.
• Response Mode: Flex your incident response and forensics skills. When customers are experiencing the worst incidents of their lives, this team will step in to answer questions core to understanding the cause of an attack, the high-level activities of the attacker once in the environment, and providing remediation actions and recommendations which will help reduce or eliminate this threat occurring again in their environment.

If you love Threat Hunting, Incident Response, and Detection Engineering while in the environment and energy of a SOC, this is the role for you!

Responsibilities:

• Perform a cadenced review of hunting data to identify compromises not found during standard SOC workflows.
• Research, develop, and test new hunting hypotheses in the form of new detections or analytics.
• Lead or support tactical incident response engagements for customers who already utilize Huntress MDR. Perform live analysis on systems to determine the root cause of an intrusion, and craft reports that summarize the intrusion with next steps to be taken.
• Perform regular rotations in the SOC to stay current and familiar with SOC day-to-day workflows.
• Perform intermediate malware analysis as part of hunting and response efforts.
• Perform OSINT as part of hunting and response efforts.
• Contribute to content creation efforts such as blogs, videos, podcasts, and webinars.
• Contribute back to community-driven projects and frameworks such as MITRE ATT&CK, HijackLIbs, and the LOLBAS Project.
• Speak with customers to explain or summarize findings from investigations.

What You Bring To The Team:

• 3-5 years working in one or more of the following: SOC, MDR, Threat Hunting, or Incident Response role.
• Experience leading or participating in Incident Response engagements for external customers.
• Experience with tools such as osquery, Velociraptor, or leveraging EDRs to perform forensic artifact analysis on systems.
• Confident command of forensic tools - such as Eric Zimmerman’s EZ tools, R...