If you are looking for big, global challenges, Information Systems (IS) is the place to be. ABB’s portfolio includes some of the most advanced power and productivity products and systems in the world. If you have the energy, discipline and intellectual firepower to succeed, you will find almost limitless opportunities to stretch your thinking, expand your horizons and build your skills as you work with people all over the world.
We are looking for candidates for the position of Threat Hunter to identify threat actor activity as quickly as possible and turn threat intelligence into actionable alerts.
You will be part of the ABB Security Operations Center (SOC), reporting functionally to the Security Engineering and Threat Intelligence Team Leader.
Your responsibilities
- Develop advanced methodologies to identify threat actor groups and their associated tools, techniques and procedures.
- Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
- Provide situational awareness on the current threat landscape and the tactics, techniques and procedures (TTPs) associated with specific threats.
- Perform the full threat hunting cycle, including the development of EDR detection rules.
- Develop automation and orchestration use cases in a SOAR (Security Orchestration, Automation and Response) platform.
- Live ABB’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
Your background
- Experience in a Security Operations Center or similar environment tracking threat actors or responding to incidents.
- Experience in writing automation scripts (PowerShell, Python or other).
- Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise.
- Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
- Experience in log and event analysis as well as correlation across very large datasets.
- Fluent English language skills (spoken and written).
- Relevant technical security certifications (GIAC, CISSP, SSCP, EC-Council, Offensive Security, etc.) are a plus.