This position is a highly technical role responsible for reducing risk from advanced threats through daily "hunting" for anomalous activity within systems and networks across all Business Units. Reporting to the Manager of the Cybersecurity Advanced Threat team, this position will help implement the team's strategy by using host- and network-based advanced threat security technologies. The team uses the tools and resources provided to correlate suspicious events and to deliver analysis, context and an assessment of risk/threat through continuous monitoring and "hunting" for threats within the environment. The analysis from this role plays a key part in the escalation of potential incidents, and the role works closely with the Cybersecurity Incident Response team to provide evidence and technical details during investigations. The candidate must have a strong background in a variety of security technologies covering both host- and network-based proactive monitoring.
- Incident Discovery Activities: Lead a team to proactively "hunt" for potential malicious activity and incidents across all Business Units.
- Utilize Threat Intelligence: Use both internal and external threat intelligence to build indicators of compromise into monitoring tools.
- Escalation Activities: Identify and perform escalations to the Cybersecurity Incident Response team.
- Incident Response Support: Support ongoing Cybersecurity Incident Response investigations through analysis, provision of evidence, and use of advanced threat tools.
- Lead proactive "hunting" activities using advanced threat network- and host-based tools.
- Demonstrated experience in Cybersecurity incident discovery and event management, Intrusion Prevention/Detection Systems, firewalls, content filtering technology, Data Loss Prevention, configuration management and monitoring, endpoint protection, database security, and log collection and analysis.
- Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks with the ability to evaluate IT environments and identify security goals, objectives and requirements.
- Maintain and employ a strong understanding of advanced persistent threats, continuous vulnerability assessment, response and mitigation strategies used in Cybersecurity operations.
- Maintenance, monitoring and analysis of audit logs, with the ability to perform in-depth forensics and analysis to identify suspicious activity and to detect, track and remediate malicious code.
- Strong working knowledge of security-relevant data, including network protocols, ports and common services: the TCP/IP protocol suite and application-layer protocols and services (e.g. HTTP/S, DNS, FTP, SMTP, and the LDAP and Kerberos traffic behind Active Directory).
- Experience with reverse engineering malicious files or code
- Experience with Python, Perl, Bash or PowerShell is a plus.
- Ability to work independently and take ownership of projects and initiatives
- B.A. or B.S. from a four-year accredited university, or equivalent security-related experience.
- 3+ years of relevant work experience in IT security, regulatory compliance, risk management, incident response or network security, including experience working as part of a SOC team.
- Certifications such as CISSP, GCIA, GCIH, GPEN or CEH are not required, but are a plus.