CTI - CTH Lead Engineer
Encora
Posted: February 25, 2026
Quick Summary
Conduct proactive threat hunting activities across various environments, leveraging structured threat hunting methodologies, and iterate on hypotheses to improve threat detection.
Job Description
CTI - CTH LEAD ENGINEER
Important Information
Location: Singapore
Threat Hunting and Analysis
• Conduct proactive threat hunting activities across various environments (endpoints, networks, cloud).
• Develop and maintain threat hunting hypotheses based on current threat intelligence and organizational risk assessments.
• Apply structured threat hunting methodologies leveraging frameworks such as MITRE ATT&CK, PEAK, TAHITI, THMM and Diamond Model to guide hypothesis creation, evidence collection and iterative improvements.
• Deep technical knowledge of adversary tactics, malware analysis, intrusion detection and cloud security.
Tooling and Automation
• Familiarity with EDR/XDR solutions, SIEM platforms, data pipelines and threat hunting tooling to detect and disrupt adversary tactics.
• Develop custom scripts and tools to automate threat hunting processes and improve efficiency.
• Leverage various threat hunting techniques, including but not limited to YARA rules, IOC analysis, and behavior-based analysis.
Incident Investigation
• Analyze security logs, network traffic, and endpoint data to identify malicious activity and potential threats.
• Investigate security incidents and provide detailed reports on findings, including root cause analysis and remediation recommendations.
• Collaborate with other security teams (incident response, vulnerability management, etc.) to share threat intelligence and coordinate security efforts.
Cyber Threat Intelligence (CTI)
• Develop and manage Cyber Threat Intelligence while staying up to date on the latest threat landscape, attack techniques, and emerging technologies.
• Map adversary behaviors to ATT&CK techniques and translate findings into actionable intelligence.
• Share actionable intelligence with internal teams and external stakeholders.
• Present findings and recommendations to technical and executive audiences.
Continuous Improvement
• Contribute to the development and improvement of threat hunting strategies, processes and playbooks, aligning with PEAK and TAHITI cycles for structured threat hunting.
• Develop and maintain a strong understanding of the organization's infrastructure and applications to strengthen awareness of evolving threats and adversary behavior.
• Drive the maturing of the overall security operations service.
About Encora
Encora is a global company that offers Software and Digital Engineering solutions. Our practices include Cloud Services, Product Engineering & Application Modernization, Data & Analytics, Digital Experience & Design Services, DevSecOps, Cybersecurity, Quality Engineering, AI & LLM Engineering, among others.
At Encora, we hire professionals based solely on their skills and do not discriminate based on age, disability, religion, gender, sexual orientation, socioeconomic status, or nationality.