
Cyber Threat Hunting Engineer

United States

Overview

Reporting directly to Security Engineering Management and under the general supervision of Information Security Office Leadership, this role leads our threat hunting and threat intelligence programs. The ideal candidate will have a strong analytical mindset, hands-on experience with cybersecurity tools, and the ability to detect sophisticated cyber threats before they become impactful incidents. General duties will include, but are not limited to:

  • Lead the development and lifecycle of TierPoint threat hunting and cyber intel programs.
  • Collaborate with security operations, product development, and other engineering teams.
  • Serve as a subject matter expert on our security threat landscape.

Responsibilities

  • Perform deep analysis of system logs, network traffic, and endpoint security data.
  • Observe and interpret machine learning data.
  • Develop and execute hypothesis-driven threat hunting methodologies.
  • Work directly with Security Engineering to develop new security tools.
  • Stay updated on the latest threat actor tactics, techniques, and procedures (TTPs) through research.
  • Prepare detailed reports and recommend mitigation actions.
  • Develop threat models and defense strategies.
  • Assist with tuning security tooling to ensure maximum effectiveness.
  • Serve as an escalation point for the SOC to help interpret suspicious activity.
  • Mentor junior team members through information and knowledge sharing.
  • Other duties as assigned.

Qualifications

  • Experience with threat hunting, log analysis, and SIEM technologies.
  • Experience with threat hunting frameworks (e.g. MITRE ATT&CK).
  • Experience with Python, BASH, and other programming/scripting languages.
  • Deep level understanding of network protocols, operating systems, and infrastructure.
  • Exceptional analytical and problem solving skills.
  • Strong communication skills for documenting findings and interfacing with internal and external customers.

Preferred Experience

Experience with the following technologies:

  • Elasticsearch, Big data, SIEM
  • Network packet capture analysis (wireshark, firewalls, IDS, Netflow)
  • Suricata, Zeek
  • Systems Administration
  • Active Directory
  • Windows and Linux Servers
  • Datacenter Networks

Experience with the following technical concepts:

  • OSI Model
  • Red Team / Blue Team
  • Defense in depth/Zero Trust
  • Hashing
  • OSINT
  • Attack Methodology
  • Cyber Kill Chain (CKC)
  • Compliance requirements (NIST/PCI/HIPAA/etc.)

Experience with the following administrative concepts:

  • Agile/Scrum project management
  • Documentation/Learning management
  • Process management

Working Condition Requirements:

  • Remote and/or office environment

Pay Transparency

TierPoint is committed to practices that promote pay equity and transparency. We provide a compensation range for roles that may be hired in locations with pay transparency law requirements. It's important to note the pay range may be narrower than displayed, as various factors are used to determine the offered compensation package, including skill set, level of experience, geographic location, and other relevant factors, i.e. budgetary requirements.

Pay Range: $111,716.54 - $167,574.81
