Threat Hunt Specialist – Cyber Defence Unit

The Swedish Armed Forces are in an expansion phase and on a significant growth journey. The Armed Forces' cyber defence is an integrated part of the military defence and constitutes a military-strategic resource. The cyber defence has the capability to conduct offensive and defensive cyber operations, as well as to detect, identify, and counter threats from the most qualified actors. The effects of a cyber attack can have consequences for critical societal functions equal to those of a conventional armed attack.

Do you want to defend Sweden and our right to live as we choose in a digitized world?

Attacks against computers and servers occur over the internet on an ever-increasing scale worldwide. The Swedish Armed Forces, as an authority, are in constant development, where our main task is to safeguard Sweden's inviolable freedom. We are prepared to do what is necessary, even in the most difficult times.

2nd Cyber Defence Unit (2. CFF) is therefore now looking for a specialist in threat hunting. If you have an analytical mindset and have worked for several years with hypothesis-driven hunting for adversaries who have infiltrated IT systems, this could be something for you.

Main Responsibilities

Within the Cyber Defence, we always want to be at the forefront of innovation and contribute to a safer Sweden through our actions. In this role, you will have the opportunity to drive and develop the cyber defence's capability for hypothesis-driven hunting. In the role, you will also contribute to the development of technical solutions to meet the unique needs of the cyber defence, which may involve method, technology, and tool development.

The tasks we face as a team must be solvable both in peace and war, which means physical training is a natural part of the job (the employer provides 3 hours of work time per week for physical training).

As a threat hunt specialist, your duties include:

• Developing hypotheses to conduct proactive cybersecurity in designated IT systems.
• Developing and creating detection methods adapted to the TTPs (Tactics, Techniques, and Procedures) of various adversaries.
• Implementing, administering, and improving methods for hypothesis-driven hunting.
• Mentoring junior colleagues.

Qualifications

• University education in IT or equivalent knowledge that the employer finds relevant.
• Documented work experience in the relevant field for at least 5 years.
• Category B driver's license.

Merits

• Completed basic military training.
• Experience working with IT infrastructure, both public and isolated environments.
• Experience working within incident response.
• Knowledge and experience of CTI (Cyber Threat Intelligence) and detections.
• Knowledge and experience in working with NIST Special Publication 800-53.
• Well-versed in MITRE ATT&CK.

Skills in:

• Host-based forensics
• Network forensics
• Malware analysis

Personal Qualities

We see that you, as an applicant, have a high level of security awareness. We place great emphasis on qualities such as creativity and being solution-oriented. You are curious and keep yourself updated in your field. You collaborate easily and value the strength of working as a team towards common goals. To thrive and be part of the team, you need to be unpretentious, have the drive to solve challenges with incomplete information, and to maintain Sweden's security.

What We Offer You

An important and stimulating job where you contribute to Sweden's security. Within the Swedish Armed Forces' cyber defence, you are offered continuous competence development so that you can further develop in your role and get the prerequisites needed to succeed in your mission.

The work also includes continuous basic military capability, as our personnel hold combatant status. Those who lack basic military training will undergo the Swedish Armed Forces' general military training (AMU) with the aim of obtaining a basic understanding of military operations and personal skills. A workplace characterized by strong camaraderie and a large focus on balance between work and private life.

Other Requirements

You should not tell other people besides those directly concerned that you have applied for a position at 2nd Cyber Defence Unit. The reason we ask you to be discreet with the information is that there are positions at the unit covered by secrecy. Swedish citizenship is required for employment with the Swedish Armed Forces. Employment entails national and international work obligations. The position has combatant status, which means you must be able to handle and use weapons. You will receive this training with us. A security clearance with register check will be conducted before employment. The selection process will be supplemented with work psychological tests.

Employment Type: Permanent position, with a 6-month probationary period for those not currently employed by the Swedish Armed Forces.

Location: Linköping

Start Date: By agreement

If you want to know more about the position, you are welcome to contact us at: [email protected]

We welcome your application by August 9th. Your application must include a CV and a cover letter describing how you meet our required qualifications. Send your application to: [email protected], reference 2614. OBS! The application instructions below are incorrect; use the email. Applications for this position will only be received via the Swedish Armed Forces' website.

Information about the recruiting unit:
The Chief of Defence and the Director General are located at the Headquarters. The Headquarters has approximately 1,000 employees – both professional officers and civilian experts. From 2023-01-01, the Headquarters consists of the Defence Staff, the Operations Command, the Military Intelligence and Security Service, as well as the Headquarters Staff Department and independent oversight units.

Employment with us involves placement in a security classification. Swedish citizenship is usually required. A security clearance with register check will be conducted before employment according to Chapter 3 of the Security Protection Act. Employment entails an obligation to be war-placed. The employment also includes an obligation to serve abroad. The meaning of this varies depending on the type of position. A CV and cover letter must be attached to the application for employment. If you proceed in the employment process, certified copies of grades and certificates must always be presented. Calls from external recruitment agencies and salespeople are declined.