As a member of Fiserv’s Threat Simulations & Countermeasures team, the Cyber Threat Hunter will be part of a team that plays a critical role in the continuous monitoring of cyber attacks. The successful candidate will be responsible for hunting through large data sets to detect advanced threats that evade detection capabilities of traditional controls. Threat hunters work in conjunction with Cyber Intelligence and Threat Simulation teams to fully understand offensive options, forensic remnants, and correlation of seemingly benign events to expose complex attacks. The Cyber Threat Hunters will also work on developing custom scripts and tools to assist in the monitoring and enrichment efforts using large sets of cyber security relevant data.
This position requires that the candidate be a US Citizen or a permanent resident. The candidate should be able to travel domestically and/or internationally, provide out of hours on-call support for issues requiring escalation, and may be required to provide ad-hoc shift support on occasion.
The responsibilities include:
· Detect patterns within large data sets that match the tactics, techniques and procedures of known threat actors, advanced malware and unusual behaviors.
· Leverage the MITRE ATT&CK threat model to quantify our security risk against known adversary behaviors and develop analytics (dashboards, reports, and alerts) to detect the identified behaviors.
· Collaborate with the Cyber Threat Simulation team for Purple Team exercises, and technical research on exploits, offensive techniques, and appropriate countermeasures.
· Collaborate with the Cyber Threat Intelligence team to build threat profiles of adversary groups.
· Provide subject matter expertise and technical support to Tier 1 and Tier 2 Incident Handlers.
· Assist in the construction of signatures which can be implemented on security controls in response to new or observed threats.
· Confer with incident handlers, security analysts, engineers, programmers, and others to design applications that support incident response and monitoring functions.
· Provide expert analytic investigative support of large scale and complex security incidents.
· Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations in order to identify IOCs.
The required skills and experience include:
· Ability to identify hidden patterns or relationships within large and unrelated data sets using data science and visualizations.
· Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
· Experience with Security Information and Event Management (SIEM) solutions (e.g. SA, QRadar, Splunk ES, Phantom) and EDR tool suites (e.g. CrowdStrike, Carbon Black, SentinelOne).
· Skill in parsing large data files, automating manual tasks, and fetching/processing remote data.
· Skill in writing scripts (e.g., R, Python, PIG, HIVE, SQL) and using data analysis tools (e.g., Excel, SAS, SPSS).
· Ability to use data visualization tools (e.g., Flare, HighCharts, AmCharts, D3.js, Processing, Google Visualization API, Looker, PowerBI, Tableau, Raphael.js).
· Skill in performing packet-level analysis using appropriate tools (e.g., Netwitness, Wireshark, tcpdump).
· Skill in static and dynamic analysis of malicious code.
· 5 to 10 years’ experience working within a CSIRT or SOC team is preferred.
Industry certifications such as GCIH, GREM, GCFA, GCFE, and GMON are desirable.