As the leading French publisher and a key European player in the cybersecurity market, Stormshield is a subsidiary of Airbus DS Cyber Programme, offering innovative security solutions to protect networks, workstations, and data. To support our growth and search for new talent, we are recruiting a Threat Hunter.
Threat Hunter: Job Overview
- Position: Threat Hunter
- Team: Stormshield Customer Security Lab (SCSL)
- Type: Permanent Contract
- Location: Lyon, Paris (Issy-les-Moulineaux)
- Remote Work: Yes, up to 3 days per week
Threat Hunter: Experience and Skills
⭐ Who are we looking for?
We are looking for a Threat Hunter, CTI analyst, specifically able to identify attackers' methodologies and track their infrastructure on the Internet. This role requires a good understanding of current threats and the ability to find needles in haystacks using services such as Onyphe. In addition to using your talents to protect our customers with our security products, you will also have the opportunity to express your writing skills through threat analysis articles published on our website. And if you enjoy sharing your knowledge and expertise in public forums or channels, we love it!
The appeal of this position is that all CTI work will be directly integrated into our security products to protect our customers in various sectors: government, healthcare, banking, etc. A wide range of threat types will be scrutinized.
You have at least 2 years of experience in Threat Hunting or cyber threat analysis.
✏️ What is the job description for the Threat Hunter?
- Identify prevalent threats to our customers and their industries (government, banking, healthcare, industrial, etc.). The threats sought are both tools (Cobalt Strike, etc.) and specific malicious actor groups;
- Create and maintain rules to identify, track, and monitor malicious infrastructure on the Internet using tools such as Onyphe, VT, Sekoia.io;
- Feed our CTI platform (MISP) with updated, relevant, and exploitable data for our security products;
- Share your expertise with the Cybersecurity Department and share your analyses with the rest of the company, as well as externally;
- Maintain a reference database of cyber actors or threats based on victimology deduced from our customers.
⚙️ Which environments?
- CTI tools: MISP, Onyphe or similar, VT, Sekoia.io;
- Internal tools: Sandboxing (Breach Fighter), honeypots;
- Versioning: Git, GitLab;
- Collaborative tools: Jira, Confluence, Zoom.
Threat Hunter: why choose Stormshield?
🔗 Which team will the Threat Hunter join?
You will join a team of about ten people, divided into specialized groups for CTI, reverse engineering, and product protection. You will be able to count on detection engineers, reversers, data scientists, and developers to support you in your threat hunting.
✔️ Recruitment Process
- A first exchange with William, in charge of recruitment, to discuss what you are currently doing and how to work together.
- A technical interview with Edouard, who will present the position, your future team, and the missions in more depth.
- A technical interview, again with Edouard and part of his team.
- An HR interview with Audrey, to present Stormshield in its entirety and all the benefits.