Cyber Threat Hunter
5 - 7 years experience • Accounting, Finance & Insurance
Every day, the people of TSYS® and Netspend® improve lives and businesses around the globe through payments. We make it possible for millions of people to move money between buyers and sellers using our payments solutions including credit, debit, prepaid and merchant services. We are "People-Centered Payments", and our team has the unique opportunity to help create a world in which payments make people's lives easier and better. This is both a tremendous honor and an important responsibility for those who accept the challenge. If you are looking to make a valuable difference for people everywhere — and for yourself — we may have the right place for you.
Summary of This Role
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Participate in "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect an eradicate threat actors on the TSYS network.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Perform analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient TMC operations
- Document best practices with the TMC staff using available collaboration tools and workspaces.
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- A passion for research, and uncovering the unknown about internet threats and threat actors
- 6+ years overall IT Infrastructure experience
- 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc)
- Experience with several of the following topics:
- Malware analysis
- APT/crimeware ecosystems
- Exploit kits
- Cyber Threat intelligence
- Software vulnerabilities & exploitation
- Data analysis
- Dark web intelligence
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building.
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack & network technologies
- Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
- Nominal understanding of regular expression and at least one common scripting language (PERL, Python, Powershell).
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills
- Strong verbal and written skills
- Excellent interpersonal skills
Bachelor’s degree, or relevant work experience
Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc)