Threat Hunting Specialist
7 days ago
MSC Mediterranean Shipping Company is a global leader in the shipping and logistics sector. Founded in 1970 and headquartered in Geneva, Switzerland, MSC is a privately-owned organization driven by the Aponte family. Evolving from a one-vessel operation, today MSC is a globally respected business with a fleet of 730 vessels and more than 150,000 staff. With an international integrated network of road, rail, and sea transport resources, the company prides itself on delivering global service with local knowledge. Represented in 155 countries, MSC ensures that shippers can talk directly to our representatives, as well as using a variety of e-business solutions for digitalized cargo bookings. Responding to the needs of our customers, MSC is a major driving force behind the evolution of smart containers in our industry, helping to set the standards for digital shipping.
The Global Information Technology (IT) Department of Mediterranean Shipping Company (MSC) is actively working on rationalizing and streamlining the diverse technological landscape within the Group. This ongoing initiative has many aspects and leads to many projects mobilizing the overall workforce of the company.
**Threat Hunting Specialist**:
The Threat Hunting Specialist's mission is to proactively search for and investigate cyber threats that are undetected in our network. Cyber threat hunting digs deep to find potential malicious actors in our environment that have bypassed our initial security defenses and that, after sneaking in, can potentially remain quietly in the network to collect sensitive data.
The Threat Hunting Specialist has the technical capabilities and investigative spirit needed to detect those adversaries that were successful in evading an organization’s defenses, and to stop advanced persistent threats from remaining in the network. The Threat Hunting Specialist works together with the other Cyber Security areas, mainly the SOC area, Threat Intelligence, and the Blue and Red teams, to share insights into adversary infrastructure and to define detection rules that improve our defense strategies. In summary:
Identify and monitor main relevant threat intelligence resources
Study threat actors’ behaviour and their TTPs (tactics, techniques, and procedures)
Identify new trends in the malware kill chain
Investigate different types of threat indicators to detect, in a proactive way, cyber threats that can stealthily remain in our network
Contribute to the definition of alerting rules to recognise and block cyber threats
Create new ways of finding threats while improving the detection of advanced threats
Contribute to improving security awareness.
Key Responsibilities
Contribution
Continuously improve our threat intelligence resources and our internal practices for their profitable usage
Monitor cyber security trends and cyber risk scenarios
Analyse threat actors' TTPs and understand adversary tendencies and trends
Proactively identify cyber threats that are lurking undetected in our networks
Investigate and develop detection patterns across a broad range of technology and log sources, looking for traces of infection in our company
Elaborate detection patterns and actionable Indicators of Compromise (IoCs) for immediate response/blocking in our company
Generate rule sets or other automations to alert on future similar activity
Produce documentation
Support management with the execution of information security strategy and roadmap
Stay current with emerging technology trends and tools
Contribute to the evolution and improvement of our security infrastructure and defences.
Additional Responsibilities
Provide timely, complete and accurate responses to the requests coming from IT Security Managers, giving positive and constructive contributions
Complete ad hoc tasks and projects as required by the Company
Incorporate good practices and quality processes in activities and projects
Participate in the promotion of IT security good practices and policies among the business.
Qualifications and Experience
(P) = Preferred, (R) = Required
**General**:
Five years’ experience in an IT security position (P)
Degree in Computer Science or related technical degree (R)
Must be team-oriented and at the same time able to work with limited supervision (R)
Ability to identify priorities and ensure that work is completed within timeframes (R)
Strong verbal and written communication skills, a sense of diplomacy, and decision-making skills to handle the often fast-paced role of an incident handler (R)
Security certifications (CISSP, CISM, ...) (P)
Ability to maintain a steady sense of calm during tense situations (P)
**Technical**:
Security components (firewall, WAF, log management, NAC, IPS, IDS, HIDS, SIEM) (R)
IT infrastructure background (R)
Working knowledge of networking and secured communications (R)
System/Application/Network vulnerabilities and their exploitation (R)
Cloud technology (SaaS, IaaS, PaaS) and associated security threat inve