The Senior Threat Hunter will be a key member of the PepsiCo Cyber Fusion Center (CFC) responsible for leading threat actor based investigations, directing new detection methodology and providing expert support to incident response and monitoring functions. The focus of the Threat Hunter is to detect, disrupt and eradicate threat actors from enterprise networks. To execute this mission, the Senior Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Lead "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the PepsiCo network.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Perform & direct analysis of security incidents for further enhancement of alert catalog.
- Continuously improve processes for use across multiple detection sets for more efficient CFC operations.
- Lead documenting best practices with the CFC staff using available collaboration tools and workspaces.
- Manage and direct external security providers to provide actionable and useful incident escalations.
- Identify and correlate additional data sources to enhance security event detection, monitoring and response capabilities.
- Act as a subject matter expert for inquiries by internal IT engineering teams
- A passion for research, and uncovering the unknown about cyber security threats and threat actors.
- Write blog posts, white papers and/or present findings at security conferences.
- Bachelor's degree in Information Technology, related discipline or relevant work experience
- Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc.)
- 8+ years overall IT Infrastructure experience
- 5+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
- Experience performing the role of a technical lead in complex global security projects
- Experience with several of the following topics: Malware analysis; APT/crimeware ecosystems; Exploit kits; Cyber Threat intelligence; Software vulnerabilities & exploitation; Data analysis
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack & network technologies
- Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
- Nominal understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell).
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational and mentoring skills
- Strong verbal and written skills
- Excellent interpersonal skills
Not Eligible for Relocation