Threat Hunter
Security
PepsiCo Consulting Polska

Warszawa
Type of work
Undetermined
Experience
Senior
Employment Type
Permanent
Operating mode
Office

Tech stack

    SIEM: advanced
    Penetration testing: advanced

Job description

PepsiCo products are enjoyed by consumers more than one billion times a day in more than 200 countries and territories around the world. PepsiCo generated more than $64 billion in net revenue in 2018, driven by a complementary food and beverage portfolio that includes Frito-Lay, Gatorade, Pepsi-Cola, Quaker and Tropicana. PepsiCo's product portfolio includes a wide range of enjoyable foods and beverages, including 22 brands that generate more than $1 billion each in estimated annual retail sales.

We’re on the look-out for a Threat Hunter

As a Threat Hunter, you will be a key member of the Threat Detection Operations team within PepsiCo’s Cyber Fusion Center. You will be responsible for turning threat intelligence into actionable alerts. Your goal is to identify threat actor activity as quickly as possible and convey your findings to the Incident Response team for remediation, working together to minimize attacker dwell time. Your success will require more than just looking for known Indicators of Compromise. To excel in this role, you will need to seek out the Tactics, Techniques and Procedures used to infiltrate networks.

Your Job Duties will include:

- Executing hunt missions guided by threat intelligence, analysis of anomalous log data, and/or team brainstorming sessions with the goal of identifying threat actors in PepsiCo’s networks.
- Identifying the best means for detecting threat actor activities.
- Organizing detections in the framework of MITRE ATT&CK.
- Analysis of network packet captures, DNS query logs, proxy logs, Netflow, as well as other logs from applications and operating systems.
- Reviewing alerts generated by detection infrastructure for false positives and improving alerts as needed.

Experience (required):

  • 6+ years overall IT Infrastructure experience
  • 3+ years of recent experience in a technical security role (such as in a SOC, Incident Response team, Malware Analysis, IDS/IPS Analysis, etc.)
 
Experiences (desired):

  • Deploying and configuring information technology systems in a corporate environment
  • Using and maintaining a SIEM (Security Information & Event Management) solution such as ArcSight, Elasticsearch, LogRhythm, NetWitness, QRadar, or Splunk
  • Tuning a NIDS (Network Intrusion Detection System) such as Snort, Zeek or Suricata, or their commercial equivalents
  • Performing forensic analysis to identify the source of malicious activity
  • Developing software using Agile methodologies
  • Penetration Testing or Red Team work
 
Skills:

  • Thinking like an attacker
  • Automating simple tasks with one or more common scripting languages (Python, PowerShell, Perl, etc.)
  • Able to craft regular expressions that will filter data down to exactly what you want and nothing you don’t want.
  • Familiarity with installing and managing both Linux/UNIX & Windows operating systems
  • Understanding of the TCP/IP networking stack & network technologies
  • Working knowledge of full packet capture (PCAP) analysis and accompanying tools (Wireshark, etc.)
  • Able to navigate and explain Active Directory and Group Policy
  • Knowledgeable in several of the following subjects:
    • APT/crimeware ecosystems
    • Cloud infrastructure monitoring
    • Data analytics/science
    • IT architecture & infrastructure design
    • Log management/SIEM
    • Malware analysis & reverse engineering
    • Red Team/Penetration testing
    • Scripting & automation
    • Security engineering
    • Software vulnerabilities & exploitation
  • Comfortable working with a diverse and global team of security professionals