Analyst IV-Threat Intel

The Threat Management Center (TMC) serves as the initial point of defense for Verizon's networks and information systems, safeguarding them against internal misconduct and cyber-attacks. The TMC Advanced Cyber Defense (TMC-ACD) team is tasked with responding to, investigating, hunting and managing all incidents. Collectively, the teams strive to protect Verizon's brand reputation and revenue streams through proactive identification, response, and mitigation of potential threats that could adversely affect Verizon or its business partners.

Verizon is looking for an innovative and driven leader who will be responsible for enhancing our existing threat defense capabilities and maturing our current processes within Verizon's unique security landscape. This threat hunter role will work in the TMCs fast paced collaborative environment and is required to be adaptable, utilize both strategic and tactical techniques, and think creatively to effectively navigate the evolving threat landscape. This individual will take the initiative to identify and neutralize threats through proactive hunting and detection, improve incident response and mitigation strategies, and ensure continuous operations to safeguard Verizon from current and future cyber threats. The position will support threat hunting, digital forensics, and incident responder duties.

Responsibilities:

• Performing day-to-day operations as a trusted advisor on advanced threat hunt for team
• Leading "hunt missions" using threat intelligence, data from multiple sources and results of brainstorming sessions to discover evidence of threats, insider misconduct, or anomalous behaviour
• Utilizing advanced threat hunting techniques and tools to detect, analyze, and respond to anomalous activities. This includes Identifying threat actor groups and characterizing suspicious behaviours as well as being able to identify traits, C2, and develop network and host-based IOCs or IOAs.
• Finding evidence of threats or suspicious behaviour, and leveraging data to improve controls and processes; this will require a blend of investigative, analytical, security, and technical skills to be successful.
• Evaluating and making recommendations on security tools and technologies needed to analyze potential threats to determine impact, scope, and recovery.
• Ensuring gaps in detections are socialized with Cyber Security stakeholders; this includes identifying dependencies, recommendations, and collaborating to mitigate threats.
• Reviewing outcomes of incident lessons learned, root cause analysis, and on-demand compliance audits to ensure repeatable and sustainable processes are established, followed or adjusted when necessary.
• Acting as subject matter expert in internal and external audit reviews. This includes producing and presenting artifacts and executive summaries to support the overall mission of the TMC.
• Participating in Purple Team, Threat Hunt, and tabletop exercises.
• Working closely with key cross-functional stakeholders to develop and utilize proactive and mitigating measures to prevent, detect and respond to potential threats to Verizon on-prem and cloud environments.
• Presenting executive-level operational read-outs, metrics, and case reviews that accurately capture the effectiveness of the threat hunt team. This includes leveraging internal data, threat trends, and operational metrics to clearly communicate the Verizon landscape to senior executives, to include the Chief Information Security Officer.
• Developing and executing long-term and short-term strategic goals and ensuring proper updates are socialized to appropriate stakeholders.
• Mentoring and advising team members by educating them on advanced techniques to help drive the operational and strategic growth of the organization.
• Promoting an environment of collaboration and individual accountability when it comes to problem-solving, decision-making, and process improvements.

• Bachelor's degree or six or more years of work experience
• Six or more years of experience in cybersecurity, with a focus on threat hunting, cloud security (AWS, GCP, Azure, OCI), and incident response

• Demonstrated experience as a key member of a security operations team (SOC, Incident Response, Threat Intel, Malware Analysis, IDS/IPS Analysis, etc.)
• Comprehensive knowledge utilizing system, cloud, application and network logs.
• High-level understanding of Operating Systems: Windows, Unix/Linux, and OSX Operating Systems in support of identifying security incidents.
• Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them.
• Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.
• Fundamental understanding of tactics, technologies, and procedures related to Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT or Insider Threat
• Knowledgeable with Regular Expressions, YARA and SIGMA rules, AQL and KQL type and at least one common scripting language (PERL, Python, Powershell)
• Knowledge on query structures like Strong understanding of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martins Cyber Kill Chain.
• Certifications like: Network+, Security+, CISSP, CISM, GCIH, GCFA, GCFE, GREM and/or or cloud-specific certifications (ex: AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer)