Threat Hunter Associate Specialist

 
The Threat Hunter will be a key member of the PepsiCo Cyber Fusion Center (CFC) responsible for participating in threat actor based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions. To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.

• Research and uncovering the unknown about cyber security threats and threat actors.
• Hunt for and identify threat actors by analyzing and researching the techniques, tools and processes used by threat actors.
• Participate in "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the PepsiCo network.
• Provide expert analytic investigative support of large scale and complex security incidents.
• Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, as well as logs from various types of security sensors, applications and operating systems.
• Perform analysis of security incidents & threat actors for further enhancement of Detection Catalog and Hunt missions by leveraging the MITRE ATT&CK framework 
• Document best practices with the CFC staff using available collaboration tools and workspaces. 
• Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.

• Global position in a highly skilled, multinational team
• The opportunity to contribute to enterprise wide projects in an iconic, leading manufacturing company
• Learning and development possibilities
• Brand new office located downtown
• Private medical care and insurance
• Multisport card

• 6+ years overall IT Infrastructure experience 
• 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.) 
• Experience with several of the following topics: 
• Malware analysis & reverse engineering 
• APT/crimeware ecosystems 
• Log management/SIEM 
• Software vulnerabilities & exploitation 
• Scripting & automation 
• Data analytics/science 
• Security engineering 
• Red Team/Penetration testing
• IT architecture & infrastructure design

• Demonstrated strong knowledge of Linux/UNIX & Windows operating systems 
• Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building 
• Experience with Snort, Bro or other network intrusion detection tools 
• Detailed understanding of the TCP/IP networking stack & network technologies 
• Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.) 
• Nominal understanding of regular expression and at least one common scripting language (PERL, Python, Powershell) 
• Strong collaborative skills and proven ability to work in a diverse global team of security professionals 
• Strong organizational skills