As part of Northern Trust's Global Threat Management team, conduct cyber threat hunting missions under the supervision of the senior cyber threat hunter and in collaboration with the Northern Trust Cyber Coordination Center. Cyber threat hunting includes threat research, threat detection creation, initial triage/forensic operations, and the ability to device creative solutions to cutting edge threat challenges.

Responsibilities:

Monitors threat landscape for changes in adversary Tactics, Techniques, and Procedures

Conduct Threat Hunts under the direction of the senior hunting analysts

Identifies novel threats and creates response procedures on-the-fly, if necessary

Collaborates with the NT Cyber Coordination Center and Cyber Threat Intelligence teams

Perform network, host, identity and/or cloud forensics, as required (not all these skills required upon hire)

Provide outside-of-the box mitigations to emerging threats, as necessary

Works with vendors to enhance cyber threat hunting and detection capabilities

Qualifications/Experience

Attention to detail and excellent critical thinking and problem solving skills

Strong analytical skills and the ability to sift through large amounts of log data to identify anomalies, patterns

In lieu of Bachelor's degree, relevant military experience, certification, or ability to clearly demonstrate competence through experience.

Bachelor's degree in computer science, Engineering or Related Field. Alternatively, degree in logic, philosophy, systemic theology or related discipline with ability to apply concepts to technology.

Assist in the scoping and execution of cyber threat hunt operations based on intelligence, current vulnerabilities/trends or business need

Experience with security monitoring and investigative technologies such as SIEM, EDR, UEBA and host based forensic tools

Familiarity with industry wide frameworks such as MITRE ATT&CK and Cyber Kill Chain

Maintain awareness of current threats and actors and their motives, techniques, tools and procedures

Assist the NTC3 in IR during major incidents

3-5 years of experience with Threat Hunt, Incident Response or SOC

Industry related certifications such as: GIAC GSEC, GCIH, GCFE, GCFA, CISSP, OSCP

Additional Information