SANS ISC: InfoSec Jobs
Senior Threat Hunter
Company Cigna
Location US Remote/ Bloomfield CT/ St. Louis MO
Preferred GIAC Certifications GSEC, GCIH, GCIA, GPEN, GDAT, GCFA, GMON, GCTI, GWCN, GRID
Travel 5%
Salary Not provided
URL https://jobs.cigna.com/us/en/job/20019744/Senior-Threat-Hunter
Contact Name Tom Shew
Contact Email TSHEW/at/express-scripts.com
Expires 2021-02-19

Job Description

As a member of the Cyber Security Global Threat Management team, the Threat Hunting Information Protection Senior Advisor utilizes the cyber threat hunting process to proactively and iteratively search through networks to identify and isolate advanced threats. They will support the planning, scoping, collection, analysis, and reporting of hunt information to increase the security posture of Cigna. Additionally, they will create new detections and analytics for identification of new threats and support Incident Response with advanced pivoting and correlation as necessary.

Role Responsibilities

• Utilize threat intelligence, current trends, and vulnerability information to perform hunts on Cigna networks

• Be involved in all phases of a hunt engagement including planning, scoping, collection, analysis, and reporting

• Interface with other organizations to validate findings and make recommendations for the remediation of identified anomalies and vulnerabilities

• Interface with the Incident Response Team, stay aware of ongoing incidents on Cigna networks, and provide Threat Hunt support to them as needed

• Interface with Threat Intelligence Team to operationalize threat intelligence information

• Analyze and map log sources and detections to the MITRE ATT&CK matrix or other applicable frameworks to understand and advance Cigna's security posture

• Advance the current state of threat detection including correlation of log events, implementation of new capabilities, integrations between capabilities, development of analytics and detections, etc.

Skills

• Strong analytical skills and ability working with large data sets

• Knowledge of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and related network technologies

• Advanced knowledge of log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior

• Able to recommend security improvements by assessing the efficacy of current capabilities and solutions, evaluating trends, and anticipating requirements

• Knowledge of virtual environments, Cloud platforms (IaaS), network operating systems, mobile device environments, and data encryption methods

• Strong knowledge of a broad array of security tools including Security Information and Event Management (SIEM) system, intrusion detection systems, web proxy systems, threat intelligence platforms and other tools used to assess network security

• Strong knowledge of the technical details involved in current APT threats and exploits involving various operating systems, applications and networking protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix

• Demonstrated ability to work in a team environment both in-person and remotely

• Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers, IT management and senior leaders

• Must be able to multi-task and work independently on assignments using professional discretion and judgment as well as transition quickly between projects with limited supervision

• Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics or technical service delivery

• Relevant certifications, in addition to professional experience, include OSCP, OSCE, GCFA, GCIH, GCIA, GPEN, GDAT, GMON, GCTI, GWCN, GRID