Principal Threat Hunter, Cyber Security (remote)
$121,000 - $186,230/Yr
AmerisourceBergen
posted about 1 month ago
Full-time - Principal
Remote
Merchant Wholesalers, Nondurable Goods
About the position
The Principal Threat Hunter is a key technical leader within the Cencora Security Operations Center, responsible for proactively investigating potential cyber threats using their expertise in adversarial tactics, security controls, and networking. This role focuses on enhancing detection, response, and security measures to protect the organization from cyber threats.
Responsibilities
- Conduct threat hunting to identify, classify, prioritize, and report on cyber threats following industry best practices.
- Conduct research on emerging security threats; provide correlation and trending of cyber incident activity.
- Craft methodologies for monitoring, detection, and analytics for SIEM and other platforms.
- Provide security gap analysis and effectiveness assessments of security platform technologies such as SIEM, SOAR, XDR, EDR.
- Formulate methodologies to monitor for and respond to security-related events.
- Identify and correlate with other data sources to enhance security event detection, monitoring, and response capabilities.
- Oversee the response to information security incidents, including investigation, countermeasures, and recovery.
- Analyze security incidents for further enhancement of alerting schema.
- Provide security briefings to advise on critical issues that may affect the enterprise.
Requirements
- Exceptional written and verbal communication skills to convey complex technical topics clearly.
- Expert level understanding of security controls including system-level controls, network controls, and security operations across Endpoint, Cloud, SaaS, and Identity.
- Advanced knowledge of Endpoint Detection and Response (EDR) capabilities and multiple EDR products.
- Foundational knowledge of Digital Forensics and Incident Response (DFIR) processes.
- Experience creating SIEM correlation logic, performing data analysis, managing data intake, and conducting security threat analytics on real-time and historical log data.
- Ability to create processes around analyzing and investigating alerts and threats for anomalous, suspicious, or malicious activity.
- Ability to create processes and methodologies to support proactively hunting for potential cyber threats.
- Knowledge of regular expressions and at least one common scripting language (Python, Powershell, etc).
- Experience mentoring others as they advance their technical skills.
- Ten (10) or more years of working in the cybersecurity industry (Enterprise level).
- Eight (8) or more years of directly-related or relevant experience, preferably in information security.
- Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.
Nice-to-haves
- Azure Security Engineer Certification
- Certified Cloud Security Professional (CCSP)
- Certification in Information Security Strategy Management (CISM)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security + Certification
- Systems Security Certified Practitioner (SSCP)
Benefits
- Medical, dental, and vision care
- Backup dependent care
- Adoption assistance
- Infertility coverage
- Family building support
- Behavioral health solutions
- Paid parental leave
- Paid caregiver leave
- Training programs
- Professional development resources
- Mentorship programs
- Employee resource groups
- Volunteer activities
