Threat Hunter
Englewood Cliffs, NEW JERSEY, United States
Company Description
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, are informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.
Job Description
The Threat Hunter identifies threat actor tactics, techniques, and procedures (TTPs) by analyzing large data sets and correlating information and behavioral indicators. This role will proactively identify and analyze emerging threats, provide support to security operations and response teams, mentor and share knowledge, and contextualize threats to business operations and assets. Day-to-day activities will include actively hunting for indicators of compromise and APT tactics, techniques, and procedures within the environment, as well as researching new threats as they emerge and identifying opportunities for improvement.
Key Responsibilities:
- Actively search through vast datasets, including security event logs, network security logs, endpoint data, and cloud security logs to uncover hidden threats and indicators of compromise (IOCs).
- Create and refine complex analytical queries used to hunt behavioral TTPs identified through hypothesis generation and informed by threat intelligence.
- Seek input from team members and subject matter experts to refine hunting data and build context for hunts and alerts.
- Innovate hunting query development by leveraging all relevant data sources and resources to perform analysis.
- Create, recommend, and assist with the development of security content resulting from threat hunting.
- Review data from incident writeups, malware reports, and other technical documentation to create hunting opportunities.
- Participate in purple team exercises, working with others to hunt on exercises conducted in coordination with detection and response.
- Write technical threat hunt reports which highlight hunt activities, results, escalations, remediation items, and gaps.
Qualifications
- Minimum 3 years of cybersecurity experience in threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
- Expert knowledge of security technologies and related data sets that enable cyber threat hunt operations including operating system logs, network logs, EDR, cloud environments and others.
- Tactical, operational, and strategic knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and motivations.
- Knowledge of industry recognized security and analysis frameworks (MITRE ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.).
- Experience in network and host-based analysis and investigation.
- Experience with Splunk Search Processing Language (SPL), LogScale, and Endpoint Detection and Response (EDR) tools or other SIEM technologies and query languages.
- Understanding of complex enterprise networks to include endpoint, network, email, identity management, and administration systems.
- Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR).
- Excellent analytical and problem-solving skills, detail-oriented, and able to communicate process and findings verbally and through reports.
- General understanding of various cloud technologies and the security implications behind them.
Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $130,000 - $160,000
Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to AccessibilitySupport@nbcuni.com.
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.