CLEAR makes life easier & more secure by using biometrics (your fingerprints, eyes & face) to confirm that you are you, & keep you moving. Imagine a world where you can do virtually everything you need to: breeze through the airport, buy a beer at the game, check in at the doctor's office, access your office building, & more, without ever pulling out your wallet or phone. Now in 45+ airports & other venues nationwide, you are your ID, credit card, ticket, reservation & more with CLEAR.
We're defining & leading an entirely new industry, moving quickly with data-informed decisions, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBC's Disruptor 50 List & winner of the SXSW Interactive Innovation Award, we're working tirelessly to create frictionless customer experiences for our 3+ million members across the country.
We are looking for a Senior Threat Hunting Analyst to join our team. The ideal candidate has a strong drive to solve security challenges & the desire to implement best-in-class security measures using cutting edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a scaling environment.
What You Will Do:
- Support the incident response team by providing advanced analysis services when requested, including recommending containment & remediation processes & performing independent analysis of security events.
- Implement new detection capabilities & improve upon existing security tools.
- Review audit logs to identify & audit behavior.
- Create & disseminate summary reports, investigation reports, & threat briefs.
- Recommend remediation activities to secure the source or initial point of access of intrusion.
- Provide cyber threat intelligence collection & correlation in coordination with a cyber-threat team.
- Profile & track APT actors that pose a threat in coordination with threat intelligence support teams.
- Provide targeted attack detection & analysis, including the development of custom signatures & log queries & analytics for the identification of targeted attacks.
- Develop & execute custom scripts to identify host-based indicators of compromise.
- Determine the scope of an intrusion, identifying the initial point of access or source.
- Provide executive level cyber security strategic recommendations along with security engineering recommendations & custom solutions to counter adversarial activity.
- Develop analytics to correlate IOCs & maximize threat detection capabilities based on defense analysis processes. Conduct analysis of network traffic & host activity across a wide array of technologies & platforms.
- Assist in incident response activities such as host triage & retrieval, malware analysis, remote system analysis, end-user interviews, & remediation efforts.
- Compile detailed investigation & analysis reports for internal SOC consumption & delivery to management.
- Track threat actors & associated tactics, techniques, & procedures (TTPs). Capture intelligence on threat actor TTPs & develop countermeasures in response to threat actors.
- Analyze network traffic, IDS/IPS/DLP events, packet captures, FW logs & malicious campaigns, & evaluate the effectiveness of security technologies.
- Provide expert analytic investigative support for large-scale & complex security incidents.
- Perform Root Cause Analysis of security incidents to further enhance the alert catalog. Review alerts generated by detection infrastructure for false positives & modify alerts as needed.
- Provide forensic analysis of network packet captures, DNS, proxy, VPC flow, malware, host-based security & application logs, as well as logs from various types of security sensors.
Who You Are:
- Bachelor's degree in Computer Science, Information Systems Management, Engineering or a related field.
- 4+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using a SIEM, & malware triage.
- Experience with packet analysis & usage of deep packet inspection toolsets.
- Knowledge of & experience working with the Cyber Kill Chain Model, Diamond Model or MITRE ATT&CK Matrix.
- Familiarity with EDR/SOAR/Anomaly detection solutions.
- Experience with Splunk & Splunk Enterprise Security.
- Strong command of scripting languages for automation, such as Python, PowerShell & Bash.
- Experience with Security Operations.
- A working understanding of cloud security, mobile security & container security.
- Experience with APT/crimeware ecosystems.