
Cyber Threat Hunter Jobs

Company Cyberjin

Address Washington, DC, United States
Employment type FULL_TIME
Salary
Category Internet Publishing
Expires 2023-08-30
Posted at 9 months ago
Job Description
Remote role


Responsibilities:


  • Analyze security and event logs looking for anomalies and indications of malicious behavior
  • Craft and test scenarios for RTX’s security validation platform
  • Document hunt team findings for easy recall and to reduce duplication of effort
  • Perform daily research to identify new tools, tactics, and procedures for threat actors and malware families
  • Participate in technical discussions, projects, and debriefs with peers and senior leadership
  • Create detection content to support the automated identification of threats across the environment
  • Train and mentor junior analysts
  • Triage alerts generated from curated hunt team detection content and escalate as needed to other organizations within cybersecurity defense operations
  • Support Security Operation Center and Incident Response activities during both times of crisis and when needed to support incident ticket triage
  • Perform threat hunts based on current cyber threat intelligence or recent cyber events
  • Draft debriefings and collaborate with other teams within RTX cybersecurity
  • Perform micro or ad-hoc threat hunts to answer RFIs from peers and leadership or to investigate anomalies picked up by security controls


Experience/Qualifications: The perfect candidate would have a working knowledge and understanding of…


  • Security incident and event monitoring platforms
  • Malicious actors and the tools, techniques, and procedures they employ
  • Security controls (firewalls, antivirus, Endpoint Detection and Response platforms, Intrusion Detection Systems, packet capture tooling, etc.) and how they can be leveraged to spot anomalies
  • TCP/IP and how traffic navigates a network
  • Cyber threat hunt methodology and how malicious activity can be identified in a network
  • Scripting, particularly in Python, to support task automation
  • Windows and Unix based endpoints and servers
  • Different threat groups and the TTPs that make them unique
  • Cloud service providers and how those technologies fit within the business information system ecosystem
  • Log analysis and how events of interest can be linked together or corroborated
  • Why malicious actors would target an organization like RTX


Preferred Qualifications:


  • Prior experience within security operations, cyber threat hunting, or content detection development is required
  • Candidates with previous experience supporting cybersecurity operations within a cyber fusion center are desired
  • Must be comfortable meeting and working via teleconference and/or videoconference
  • Typically requires a University Degree or equivalent experience and a minimum of 8 years of experience, or an Advanced Degree and a minimum of 5 years of experience.
  • Must be able to work well with others on a close-knit team
  • Must be fully vaccinated against Covid-19
  • Experience using Endpoint Detection and Response platforms and other cyber threat hunt tooling is also desired but not required
  • Must have excellent communication skills and be able to convey technical details to audiences of differing technical aptitude
  • Must be a self-starter, capable of identifying tasks and working projects with little oversight


Location: Remote


Work Authorization: US Citizen Required

