Threat Hunting Lead

Security, IT, ISO, CISSP, Python, Apache, Windows, Linux, TCP, IP
Full Time

Job Description

Are you an experienced information security professional with high-impact leadership skills? Are you seeking a challenge within a growing business? As a threat hunt and intelligence lead, you will be a key member of the Information Security Operations team. This new role within the recently transformed Information Security team will be critical to the performance of Commonwealth's operational capabilities. You will be defending our infrastructure as well as the security and privacy of the clients that we serve. A key function of this role is to help identify and aggressively pursue potential infrastructure security threats. You will work collaboratively with the Information Security team to ensure that solutions and services are designed and adopted effectively.

Our vision is to be recognized as a leading information security function within the financial sector. We strive to be a trusted partner who exceeds expectations by delivering indispensable and reliable services to our advisors, customers, and communities.

Key responsibilities
  • Hunting actively for indicators of compromise (IOC) and APT tactics, techniques, and procedures (TTP) on the network and on hosts, as necessary
  • Searching network flow, PCAP, logs, and sensors for evidence of cyberattack patterns, and hunting for advanced persistent threats (APT)
  • Creating detailed incident reports and contributing to education in collaboration with the appropriate team
  • Collaborating with the security operations center (SOC) and analysts to contain and investigate major incidents
  • Providing simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
  • Working with leadership and the engineering team to improve and expand available tool sets
  • Analyzing network perimeter data, flow, packet filtering, firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
  • Monitoring open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs
  • Performing scoped and open-ended vulnerability assessments on internal and external-facing systems
  • Proactively analyzing and reviewing external threat intelligence reports and determining relevance for Commonwealth and our stakeholders by evaluating content for future mitigation or detection
  • Producing actionable intelligence in the form of alerts, reports, and briefings
  • Attending and contributing to regular meetings with internal teams and external threat intelligence partners and vendors to maintain a common operating picture of the security threat landscape
  • Using premium threat intelligence tooling to enrich indicators of compromise and pivot to additional threat-related infrastructure and tooling

Core strengths
  • Experience with securing and hardening IT infrastructure
  • Demonstrated or advanced experience with computer networking and operating systems
  • Experience with operational security, including SOC, incident response, malware analysis, and IDS/IPS analyses
  • Ability to analyze malware, extract indicators, and create detection signatures (YARA, Snort) and IOCs
  • Strong analytical skills and the ability to effectively research, write, communicate, and brief to varying levels of audiences, including at the executive level
  • Strong knowledge of current adversary tactics and trends
  • Experience with and understanding of Splunk search language, search techniques, alerts, dashboards, and report building

Additional skills and knowledge
  • Bachelor's degree in information systems or a related discipline, or equivalent training
  • 5+ years of related work experience in a threat hunting or penetration testing role
  • Understanding of the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (e.g., SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)
  • Active Top Secret with the ability to obtain an SCI
  • Certifications desired: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP
  • Demonstrated proficiency with regular expressions and scripting languages, including Python or PowerShell
  • Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or Azure
  • Familiarity with NetFlow data, DNS logs, proxy logs
  • Experience with network hunting, including Bro Logs, NetFlow, PCAP, or Palo Alto firewalls
  • Knowledge of Windows and Linux operating systems and command line
  • Knowledge of the TCP/IP networking stack and network IDS technologies

Picture Yourself Here

Imagine keeping company with big thinkers and even bigger doers who share a common purpose to make a profound difference. Figure in an experience-it-to-believe-it culture, massive growth potential, and benefits galore, and you get the full impression.

At Commonwealth, you'll find a pathway to your career. Discover opportunities for who you are today and where you see yourself tomorrow.

Have we piqued your curiosity? Can you see yourself thriving in this opportunity? Let's introduce ourselves.


We are committed to providing a supportive, equitable environment where you can bring your full, authentic self to your work every day and truly thrive in meaningful ways. Where you can be yourself and belong. Where you can build a career and find community.

At Commonwealth, everyone plays a part in our success story, and in building a more diverse and inclusive workplace, we are broadening our perspectives and capabilities. Together, our potential is limitless. Come join us on the pathway to a brighter future!
Dice Id : 10105282
Position Id : 463207
Originally Posted : 2 months ago