Founded in 2010, CLEAR's mission is to create frictionless experiences. With more than 12 million members & hundreds of partners across the world, CLEAR's identity platform is transforming the way people live, work, & travel. Whether it's at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, & more seamless. Since day one, CLEAR has been committed to privacy done right.
We are looking for a Senior Threat Hunting Analyst to join our team. The ideal candidate has a strong drive to solve security challenges & the desire to implement best-in-class security measures using cutting-edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a scaling environment.
What You Will Do:
- Implement new detection capabilities & improve upon existing security tools & playbooks
- Review audit logs & identify/audit behavior
- Create & disseminate summary reports, investigation reports, & threat briefs
- Recommend remediation activities to secure the source or initial point of access of intrusion
- Collaborate with threat intelligence support teams to mitigate risk from contact & horizon threats
- Provide targeted attack detection & analysis, including the development of custom signatures & log queries & analytics for the identification of targeted attacks
- Develop & execute custom scripts to identify host-based indicators of compromise. Determine the scope of an intrusion, identifying the initial point of access or source
- Provide executive level cyber security strategic recommendations along with security engineering recommendations & custom solutions to counter adversarial activity
- Develop analytics to correlate IOCs & maximize threat detection capabilities based on defense analysis processes. Conduct analysis of network traffic & host activity across a wide array of technologies & platforms
- Assist in incident response activities such as host triage & retrieval, malware analysis, remote system analysis, end-user interviews, & remediation efforts. Compile detailed investigation & analysis reports for internal SOC consumption & delivery to management
- Develop detection techniques & countermeasures in response to threat actor tactics, techniques, & procedures (TTPs)
- Analyze network traffic, IDS/IPS events, packet capture, FW logs, malicious campaigns & evaluate the effectiveness of security technologies
- Provide expert analytic investigative support of large scale & complex security incidents
- Support the incident response team by providing advanced analysis services when requested, including recommending containment & remediation processes & providing independent analysis of security events
- Perform Root Cause Analysis of security incidents for further enhancement of the alert catalog. Review alerts generated by detection infrastructure for false positives & modify alerts as needed
- Provide forensic analysis of network packet captures, DNS, proxy, VPC flow, malware, host-based security & application logs, as well as logs from various types of security sensors
Who You Are:
- Bachelor's degree in Computer Science, Information Systems Management, Engineering or related field; equivalent experience considered
- 6 to 10 years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, & malware triage & identification
- Highly desired: Certifications such as OSCP or other recognized pentesting or threat hunting certs
- Knowledge & experience with digital forensic processes, chain of custody, & evidence preservation to include disk, file, memory, & network capture, imaging & analysis
- Experience with packet analysis & usage of deep packet inspection toolsets
- Knowledge & experience working with the Cyber Kill Chain Model, Diamond Model or MITRE ATT&CK Matrix
- Working knowledge of Advanced Persistent Threats & cyber crime TTPs
- Strong working knowledge of EDR & SOAR solutions
- Strong experience with Splunk & Splunk Enterprise Security & the ability to apply analytical techniques to large data sets
- Strong experience with Azure & AWS cloud infrastructure/security
- Strong usage of scripting languages for automation, such as Python, PowerShell, Bash
- Experience with Security Operations
- A working understanding of mobile & container security