Cyber Defense Sr Specialist Threat Hunter

At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.
About Us: Founded in 1972 in Germany, SAP stands as a global leader in enterprise software and cloud technology, serving businesses of all sizes across various industries. Renowned for its innovative solutions, SAP provides a comprehensive suite of software applications ranging from ERP (Enterprise Resource Planning) and CRM (Customer Relationship Management) to analytics and supply chain management.
SAP is seeking a Senior Cyber Threat Hunt Analyst to run a world-class capability focusing on the most advanced and persistent threats SAP faces today. The Cyber Threat Hunt capability is aligned to SAP's Cyber Threat Intelligence (CTI) team and is an intelligence-driven capability focusing on identifying adversary behavioral tactics, techniques, and procedures (TTPs). The Senior Threat Hunter is responsible for analyzing and correlating large data sets to uncover novel threats and attack techniques that may be present within SAP's diverse and dynamic environments.
As a Senior Cyber Threat Hunter at SAP, you will serve as the capability lead and proactively identify opportunities to develop analytical methods to detect advanced threat actors who use emerging tactics and techniques. The role also includes developing and documenting new and innovative threat hunt hypotheses to increase the team's ability to find existing threats that would otherwise go unidentified or undetected.
Key Responsibilities:

- Proactive Threat Hunting: Author custom detection analytics used to hunt behavioral TTPs identified via hypothesis generation and informed by actionable cyber threat intelligence.
- SIEM & Hunt Platform Expertise: Leverage Splunk and various multi-data hunt platforms to perform in-depth analysis of security logs, events, and alerts to uncover anomalous behavior and potential security breaches.
- Security Data & Logging: Expert knowledge of security technologies, including for cloud environments, and related data sets that enable cyber threat hunt operations, including EDR, DNS, OS, AV, etc.
- Data Management: Direct experience working with large and complex datasets and log analysis tools, including but not limited to Splunk, Python, Pandas, SQL, Hadoop, and Hue.
- Incident Response Support: Collaborate with incident response teams to investigate and respond to security incidents promptly and effectively.
- Stakeholder Engagement: Liaise with numerous stakeholders across various lines of business, cognizant of the unique security and data considerations of each customer.
- Tool Development: Develop and maintain custom scripts, queries, and detection rules to enhance threat hunting capabilities.
- Threat Intelligence Integration: Integrate threat intelligence reporting and feeds into the threat hunting process.
- Documentation and Reporting: Document findings, analysis, and recommendations in clear and concise reports for both technical and non-technical stakeholders.
- Global Workforce: Ability to navigate and work effectively across a complex, geographically dispersed organization.

Qualifications:

- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
- Minimum of 7 years of experience in cybersecurity, with a focus on threat hunting, incident response, digital forensics, and/or cyber threat intelligence.
- Proven expertise in using Splunk for log analysis, data visualization, and custom query development.
- Strong understanding of SIEM technologies and their role in cybersecurity operations.
- Experience with scripting languages such as SPL, Python, PowerShell, or Bash for automation and tool development.
- Excellent analytical and problem-solving skills with a keen eye for detail.
- Strong communication and collaboration skills, with the ability to interact effectively with both technical and non-technical stakeholders.
- Relevant certifications such as Splunk Certified User/Power User, GIAC Certified Incident Handler (GCIH), or equivalent certifications are a plus.