JSOC - Cybersecurity Specialist, Digital Threat Hunting

Questrade Financial Group • Brazil • 17h ago

What’s in it for you as an employee of QFG?

Health & wellbeing resources and programs
Paid vacation, personal, and sick days for work-life balance
Competitive compensation and benefits packages
Career growth and development opportunities
Opportunities to contribute to community causes
Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Specialist, Digital Threat Hunting. Could It Be You?

Your contribution delivering sustainable and measurable results in the following areas will be very important:

Identifying and taking down customer-facing and external digital threats - monitoring phishing sites, brand impersonation, typosquatting domains, and fraud campaigns targeting the organization and its customers. You will be primarily involved in investigating digital fraud patterns, coordinating takedowns with registrars and hosting providers, monitoring social media for brand threats, and maintaining relationships with external abuse teams and law enforcement. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.

Need more details? Keep reading…

You will:

Monitor for and identify phishing sites, typosquatting domains, and fraudulent web properties targeting the organization and its customers.
Coordinate and execute takedown requests with domain registrars, hosting providers, and platform abuse teams.
Monitor social media platforms for brand impersonation, fake accounts, and fraud campaigns targeting customers.
Track and investigate digital fraud patterns, credential harvesting campaigns, and customer-targeted scams.
Maintain relationships with external takedown service providers and law enforcement contacts for escalation of persistent fraud operations.
Provide intelligence on external threat actors and fraud TTPs to CTI Specialist for integration into the broader threat landscape.
Produce digital fraud metrics: phishing sites identified, takedown success rate, average time-to-takedown, social media impersonation cases resolved.
Collaborate with the Security Engineer on anti-fraud engineering tooling and automation for detection and takedown workflows.
Perform OSINT investigations on suspicious domains, registrants, and hosting infrastructure.
Analyze phishing kits and credential harvesting pages to understand attacker tactics and customer exposure.
Track dark web and underground forums for discussion of fraud campaigns targeting the organization and its customers.
Document takedown requests, outcomes, and lessons learned for continuous improvement of fraud prevention workflows.
Monitor threat feeds and external intelligence sources for emerging fraud TTPs and threat actor activity.
Coordinate with customer support and fraud response teams to assess customer impact and provide incident guidance.
Support communication with customers affected by phishing, impersonation, or fraud campaigns.
Maintain awareness of regulatory requirements and industry standards related to brand protection and fraud prevention.
Mentor junior analysts on OSINT techniques, phishing analysis, and digital fraud investigation methods.
Communicate digital fraud findings, trends, and recommendations to technical and non-technical stakeholders.
Track and report on digital threat hunter program metrics (cases handled, investigation turnaround time, threat intel shared).

So are YOU our next Specialist, Digital Threat Hunting? You are if you have…

3+ years of relevant experience in threat intelligence, OSINT, digital fraud investigation, or security operations.
Experience with OSINT techniques, tools, and methodologies for investigating external threats and digital fraud.
Practical experience with phishing kit analysis, credential harvesting page identification, and fraud pattern recognition.
Experience with brand protection and monitoring platforms for detecting impersonation, counterfeiting, and fraud campaigns.
Experience coordinating takedown requests with domain registrars, hosting providers, and social media platforms.
Experience investigating and tracking digital fraud TTPs, credential harvesting, and customer-targeted scams.
Strong understanding of domain registration, DNS, WHOIS, and internet infrastructure fundamentals.
Knowledge of social media platforms, fraud detection indicators, and brand impersonation identification.
Knowledge of dark web monitoring tools, underground forums, and threat actor communication channels.
Knowledge of fraud frameworks, anti-fraud platforms, and industry standards for brand protection and customer safety.
Experience with dark web monitoring and threat intelligence platforms.
Scripting skills (Python) for OSINT automation.
Active participation in fraud prevention and brand protection communities.