The Sr. Cyber Security Threat Hunter will be a key member of the US Cellular Enterprise Security team and will be responsible for participating in threat actor based investigations, creating new detection methodologies, and providing expert support to incident response and monitoring functions. The focus of the Threat Hunter is to detect, disrupt and eradicate threat actors from enterprise networks. To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
- Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
- Design and build custom tools for investigations, hunting, and research
- Assist in the design, evaluation, and implementation of new security technologies
- Lead response and investigation efforts into advanced/targeted attacks
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient Security Operations
- Document best practices with the USCC staff using available collaboration tools and workspaces
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- A passion for research, and uncovering the unknown about internet threats and threat actors
- BS in Computer Science or related field, or equivalent experience
- Industry Cyber Security Certifications including: CEH, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), Splunk Certified Knowledge Manager, Splunk Certified Admin, or Splunk Certified Architect.
- 5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC
- Experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk, ELK, or similar tools, and malware triage
- Knowledge of the Cyber Kill Chain and the Diamond Model of Analysis
- Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior
- Experience with Netflow or PCAP analysis
- Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch
- Experience with the Windows file system and registry functions or *NIX operating systems and command line tools
- Knowledge of the underlying logic that security alerts are built upon, and the ability to apply it when analyzing raw logs and creating new dashboards and alerts
- Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building.
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack & network technologies
- Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
- Strong collaborative skills and proven ability to work in a diverse team of security professionals
- Strong organizational skills
- Strong verbal and written skills
- Excellent interpersonal skills
U.S. Cellular® is an EEO employer and gives consideration to qualified applicants without regard to race/color/age/religion/sex/sexual orientation/gender identity/national origin/disability/veteran status, pregnancy or genetic information.