ThreatLocker is a global leader in Zero Trust endpoint security. The ThreatLocker Zero Trust Endpoint Protection Platform combines Application Allowlisting, Ringfencing, Network Control, Storage Control, Elevation Control, and Endpoint Detection and Response in ways that make security simple for the IT professional.
ThreatLocker uses a deny-by-default approach: all software, including ransomware, is blocked from running unless it has been explicitly allowed. Since its founding in 2017, ThreatLocker has been recognized as one of the leading cybersecurity protection platforms, and it now includes EDR, MDR, and compliance-friendly controls and monitoring.
Job Summary
The Threat Analyst is responsible for identifying, investigating, and responding to cyber threats, vulnerabilities, and security incidents, as well as conducting adversary simulations to test and improve system resilience.
Key Responsibilities
Threat Detection & Monitoring: Monitor security tooling (SIEM, IDS/IPS, EDR) for suspicious activity. Analyze alerts and telemetry to identify threats.
Incident Response: Lead and participate in security incident response. Develop incident handling processes and create post-incident reports.
Tool Development & Automation: Develop automated tools and scripts. Maintain and enhance detection content, including custom Snort, Sigma, and YARA rules.
Security Investigations: Conduct forensic analysis and threat hunting. Review logs to uncover unauthorized activities.
Adversary Simulation: Design and execute adversary simulations. Develop scenarios based on real-world TTPs and provide detailed reports.
Red Team Operations: Plan and execute red team engagements. Simulate advanced threats to evaluate security posture.
Internal Security Research: Research emerging threats and vulnerabilities. Develop internal security tools and share insights with the team.
Penetration Testing: Conduct penetration tests on platforms, applications, and networks. Identify and document vulnerabilities.
Collaboration & Reporting: Collaborate with cross-functional teams. Prepare and present detailed reports on testing outcomes to senior analysts and team leads.
Key Skills & Qualifications
Education: Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent experience).
Experience: 3+ years in a security-focused role.
Technical Skills: Familiarity with SIEM, EDR, and IDS/IPS systems; scripting languages (Python, PowerShell, Bash); custom Snort, Sigma, and YARA rule creation.