Consulting Director, Threat Hunter at CNA
Threat Hunter Consulting Director is a senior level individual contributor focused on proactively searching adversarial activity in the network with the goal to discover threats prior to an adversary completes its mission. This role utilizes advanced skills to perform enterprise forensics including operating system artifact analysis log analysis network traffic analysis and MITRE ATT&CK framework. This position is also responsible for developing innovative and creative detection tactics and techniques that protects client data and corporate assets from diverse threats. This position is a key member of a highly technical team that operates in a rapidly changing environment.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Leads and conducts real-time and historical analysis using the full security suite owned by CNA including Endpoint Protection SIEM Firewall Endpoint Detection & Response Intrusion Detection Systems Email Gateway Web Content Filtering & Identity Management technology.
- Conducts incident response triage analysis on suspected hosts to determine potential ongoing attacks and their scope.
- Conducts hunting operations per latest threat intelligence acquired.
- Creates strategies for enterprise-wide hunts based on triage findings and intelligence efforts.
- Stays current on the latest cyberattack tactics techniques and procedures to discover sophisticated threats in the network.
- Collaborates with SOC Intelligence Incident Response and Enterprise Security Teams for hunt missions.
- Identifies visibility gaps in the network and recommends solutions to address gaps.
- Manages day-to-day activities of the SOC Team regarding Security Monitoring Investigations and Response and Threat and Vulnerability Intelligence.
- Coordinates escalation for advance forensics malware reverse-engineering and additional host review tasks to third-party vendors.
- Articulates security incident details to business stakeholders and non-technical individuals.
May perform additional duties as assigned.
Typically AVP or above
Skills Knowledge & Abilities
- In-depth knowledge of security tools such as SIEM IDS/IPS web proxies DLP CASB SIEM DNS security DDoS protection and firewalls
- In-depth knowledge of open source forensic tools for OS artifact analysis and memory analysis
- In-depth knowledge of network devices such as firewalls switches and routers
- Experience utilizing industry leading SIEMs to conduct security investigations and threat hunting
- Experienced in analyzing and inspecting log files network packets and other security tool information outputs from multiple system types
- In-depth knowledge of basic reverse engineering principles and understand of malware rootkits TCP/UDP packets and network protocols
- Knowledge of web application security and incident investigations
- Demonstrated ability to build execute and lead hunting initiatives programs and an organization
- Required flexibility to work nights weekends and/or holiday shifts in the event of an incident response emergency
- Team-oriented and skilled in working within a collaborative environment
Education & Experience
- Bachelor's degree in Computer Science or related discipline or equivalent work experience.
- Typically a minimum of ten years' related work experience in Information Technology preferably in cyber monitoring hunting and incident response investigations.
- Advanced experience performing forensics malware reverse engineering and/or penetration testing
- Experience in incident analysis security architecture malware research SOC or other incident response procedures.