Lead Cyber Security Threat Specialist (Threat Hunter)

Freeport-McMoRan Copper & Gold  •  Phoenix, AZ

Industry: Manufacturing  •  11 - 15 years

Posted 75 days ago

This job is no longer available.

Job Description

Freeport-McMoRan is a premier U.S.-based natural resources company with headquarters in Phoenix, Arizona. We operate large, long-lived, geographically diverse assets with significant proven and probable reserves of copper, gold and molybdenum. The company has a dynamic portfolio of operating, expansion and growth projects in the copper industry. Freeport-McMoRan is the world’s largest publicly traded copper producer, the world’s largest producer of molybdenum and a significant gold producer. We have a long and successful history of conducting our business in a safe, highly efficient and socially responsible manner.

We have the assets, the talent, the drive and the financial strength to provide attractive and rewarding careers for our employees. We encourage you to take some time to explore your career opportunities at Freeport-McMoRan.

The incumbent will be a key member of the MIS Security team and is responsible for participating in and overseeing threat actor-based investigations, creating new detection methodology and providing expert support to the Security Operations, Threat Hunting and IR teams. The focus is to detect, disrupt and eradicate threat actors from enterprise and cloud networks. To execute this mission the incumbent will use data analysis, threat intelligence, and cutting-edge security technologies. The incumbent must work effectively with MIS leadership including the CIO, CISO, business leadership, senior directors, managers, and staff.

  • Responsible for establishing and maintaining a sophisticated cybersecurity threat hunting program using tools and data sources such as EDR, SIEM, NetFlow/sFlow, PIM information, DLP, DNS logs, firewall logs, PCAP, threat intelligence feeds, known adversary tactics, techniques and procedures (TTPs) and indicators of attack, law enforcement discussions, information gleaned from IR activities, system logs, vulnerability scan data, and other sources, combined with an understanding of business context and frameworks such as MITRE ATT&CK, to develop hunt mission statements and test hypotheses
  • Works closely with other Security Analysts, Cyber Hunters and Security Engineers to identify anomalous and long-term patterns and trends which help to support identification of advanced, or targeted threats
  • Coordinates and has oversight of threat hunting efforts performed by outsource partners
  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event details and summary information
  • Develops and executes strategy and projects to build and mature the Threat Hunting program from an ad-hoc level of response to a top-down, proactive operations team
  • Develops and improves the process, procedure, and metrics framework for the team to execute threat hunting functions in a consistent and repeatable fashion
  • Provides guidance, work leadership and quality assurance for less experienced or outsourced incident response and threat hunting activities
  • Creates executive and detailed reporting, including root cause analysis, to provide insight into our current threat landscape and to give input and recommendations to enterprise security architecture efforts that improve security capabilities and posture
  • Maintains knowledge and understanding of current threat actors, tactics, techniques and procedures, indicators of compromise, hunting tools and processes, as well as updated skills by attending law enforcement briefings, conferences, and specialized training, reading articles, blogs, and books, developing professional networks and collaborating with members of the Mining & Metals ISAC and other professional organizations
  • Participates in special projects and performs other duties as required

Minimum Qualifications

  • Bachelor’s degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering or related field and ten (10) years of IT experience with a minimum of four (4) years in Security
  • Excellent analytical skills: able to break down complex, multi-faceted problems into actionable steps without over-simplification
  • Ability to communicate security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner
  • Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills

Preferred Qualifications

  • Security certifications such as CISSP, GCIH, GREM, GCFA, GPEN, GCIA, OSCP, etc.
  • Understanding of computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response, intrusion detection; computer network monitoring; network protocols, network devices, multiple operating systems, and secure architectures
  • Progressively responsible experience in cybersecurity analysis, incident response, or related work
  • Malware forensics and analysis experience
  • EDR platform experience
  • Experience as Threat Researcher and/or Intelligence Analyst
  • Strong scripting and task automation skills, including familiarity with scripting languages (Bash, PowerShell, Python, Perl, Ruby) or software development frameworks (.NET)

Criteria/Conditions

  • Ability to understand and apply verbal and written work and safety-related instructions and procedures given in English
  • Ability to communicate in English with respect to job assignments, job procedures, and applicable safety standards
  • Must be able to work in a potentially stressful environment
  • Position is in busy, non-smoking office located in Phoenix, AZ
  • Location requires mobility in an office environment; each floor is accessible by elevator and internal staircase
  • Occasionally work may be performed in a mine, outdoor or manufacturing plant setting
  • Must be able to frequently sit, stand and walk
  • Must be able to frequently lift and carry up to ten (10) pounds
  • Personal protective equipment is required when performing work in a mine, outdoor, manufacturing or plant environment, including hard hat, hearing protection, safety glasses, safety footwear, and as needed, respirator, rubber steel-toe boots, protective clothing, gloves and any other protective equipment as required
  • Freeport-McMoRan promotes a drug/alcohol-free work environment through the use of mandatory pre-employment drug testing and on-going random drug testing as allowed by applicable State laws