Enterprise Security Threat Hunter

MIB Group, Inc.

Jan 03

Enterprise Security Threat Hunter 

Department Name: Enterprise Security
Reports To (Job Title): CISO
Exempt or Non-Exempt: Exempt 

POSITION SUMMARY: The Enterprise Security Threat Hunter is a critical member of the Enterprise Security Team. As a Threat Hunter you will be the senior technical SME (subject-matter expert) on the team. The ideal candidate will have a well-rounded background in security defenses, offensive security knowledge, and the ability to think like an adversary. You will bring your security analysis, incident response, and threat intelligence skills to focus exclusively on Monitoring, Detection and Response activities. You will act as the top-tier escalation point for all internal and external stakeholders in the investigation of security events. The Threat Hunter’s primary function is to review alerts from all security tools and managed security service providers (MSSPs), confirm or deny the validity of each alert, and coordinate investigation, containment and remediation activities. The Threat Hunter works to prevent false negatives by ensuring all teams and tool owners thoroughly investigate alerts, and frequently provides detailed technical and investigation guidance. The Threat Hunter’s secondary function is to proactively monitor Threat Intelligence sources and investigate MIB logs, systems, and security tools for indications of malicious behavior. This role will also develop and coordinate the implementation of new threat indicators leveraging existing security tools and custom scripts.

MINIMUM QUALIFICATIONS AND REQUIREMENTS:

  • Minimum 7 years experience in cross-functional information security disciplines. Experience can be concurrent.
    o Minimum 4 years experience in a Security Operations Center (SOC), Managed Security Service Provider (MSSP) or SIEM Analyst role
    o Minimum 4 years experience with Network Security, IDS/IPS analysis, packet analysis
    o Minimum 4 years experience in End Point Security/End-Point Detection and Response (EDR)
    o Minimum 3 years experience in Incident Response/Forensic Analysis

  • Extremely organized, and able to complete regular, recurring tasks reliably, while adjusting priorities to emerging threat activity and/or changing business needs
  • Advanced Problem Solving Skills
  • Understanding of the Tactics, Techniques, and Procedures (TTPs) of Advanced Persistent Threat (APT) groups
  • Programming or scripting experience in any of the following: Perl, Python, VBScript, or PowerShell
  • Ability to work independently and in teams
  • Self-driven and fully accountable for independent effort
  • Excellent communication skills, ability to clearly articulate complex investigations in writing and verbally
  • Industry certification such as GCTI, GCIH, GCIA, GCFE, GCFA, GREM, OSCP, CEH

GENERAL DUTIES AND RESPONSIBILITIES:
(This is a representative list of the general duties the position may be asked to perform, and is not intended to be all-inclusive) 

  • Monitor alerts, detections or other indicators of compromise/attack from MIB’s information security solutions, including but not limited to:
    o Intrusion Detection/Prevention Systems
    o NextGen Firewalls
    o End-point Detection and Response Agents
    o Secure Email Gateways
    o Anti-Malware Platforms
    o Identity and Access Management
    o Data Leak Prevention
    o Network Access Control
    o Internet proxy
    o Authentication Sources (AD)
    o Container Control Planes
    o Cloud Control Planes
    o Container Security Tools
    o Cloud Security Consoles

  • Monitor security platforms’ health for errors, misconfigurations, or performance alerts
  • Lead response and investigation efforts into all security events, and perform root cause analysis
  • Regularly collaborate with IT and System owners to investigate security incidents and improve monitoring.
  • Leverage SIEM and UEBA platforms by creating and executing search queries to perform threat hunting or conduct forensics analysis of detections
  • Maintain an understanding and awareness of the overall cyber threat landscape (advanced persistent threat groups, malware campaigns, botnets, hacktivism, DDoS attacks, geopolitical activities, etc.)
  • Monitor open source intelligence, daily email feeds, and other threat intelligence products in order to continually assess MIB’s defensive posture. Identify new open source intelligence (OSINT) sources.
  • Hunt for and identify threat actor groups and their tactics, tools, and processes in the MIB environment.
  • Maintain industry training by keeping up-to-date on security technologies, threats, and risk mitigation techniques
  • Ensure Incident Response processes are handled efficiently in a timely manner
  • Maintain contemporaneous notes of all investigations
  • Create Incident Reports at the direction of the CISO and Legal Counsel
  • Coordinate and share information with other teams including IT and Enterprise Security
  • Provide inputs for Key Performance Indicators (KPIs) to help determine the effectiveness of security controls
  • Perform all of the above in a diverse environment including Cloud (IaaS/SaaS), On-Premise, and Legacy Systems.

TIME ALLOCATION:

  • 30% monitoring security events, alerts, tool health, and coordinating response with tool owners
  • 30% threat intelligence gathering, monitoring industry news, threat feeds, etc.
  • 30% proactively searching logs, systems, and tools for malicious activity
  • 10% administrative tasks, documenting findings, meetings

OTHER MATERIAL INFORMATION: (attach additional pages if necessary)

All Associates (whether full-time, part-time, or temporary), Interns, Subcontractors, and Service Providers are to follow the Information Security Program to:

  • Ensure the security of Protected Information;
  • Protect against anticipated threats or hazards to the security or integrity of Protected Information; and
  • Protect against unauthorized access to or use of Protected Information in a manner that creates a substantial risk of a security breach, identity theft or fraud.

Associates must contact the Help Desk immediately in the event of or suspicion of a security event (e.g., lost or stolen equipment, sensitive information disclosure, etc.).

This job description does not include a comprehensive list of all duties the associate may be asked to perform in the course of the business day or may be assigned as part of the position. Other duties may be assigned as appropriate based on MIB business needs.

Job Type: Full-time

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Disability insurance
  • Employee assistance program
  • Employee discount
  • Flexible schedule
  • Flexible spending account
  • Health insurance
  • Life insurance
  • Paid time off
  • Parental leave
  • Professional development assistance
  • Tuition reimbursement
  • Vision insurance

Supplemental Pay:

  • Bonus pay

Work Remotely:

  • Yes