IT Security Analyst - Adversary Threat Hunter
Description
SCS Technology Security
Adversary Threat Hunter - IT Security Analyst, Senior/Analyst, II
Job Description
At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges that require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Southern Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Position Overview:
Southern Company is seeking a passionate and experienced Adversary Threat Hunter to join our Technology Security organization. This is a technical, hands-on role that requires the ability to support and self-direct hunting engagements to find evidence of suspicious behavior, adversarial behavior, or unauthorized access to the Southern Company network and systems. This position is responsible for conducting threat hunting engagements, advising on the implementation of security technologies and controls to improve defensive posture, advising on and implementing processes in support of investigations, advising detection engineering efforts, and supporting incident response efforts that arise from hunting engagements.
The ideal candidate will have a strong background in cyber security and security operations, with a blend of forensic, investigative, analytical, threat intelligence, and technical skills.
Qualifications:
Bachelor's degree in computer science, technology, engineering or security-related field or equivalent experience
Minimum 5 years IT security experience
Broad knowledge of core information security principles (e.g., access control, least privilege, data integrity)
Thorough understanding of network design principles (including topology, protocols, and network components)
Thorough understanding of TCP/IP network stack, network technologies, network traffic analysis and protocols
Practical experience with Splunk or comparable Security Information and Event Management (SIEM)
Demonstrated experience in security operations, including SOC and security monitoring, incident response, host/network forensics, penetration testing, cyber threat intelligence, malware analysis, or security consulting
Demonstrated ability to work outside of the standard enterprise tools and alerts to identify adversarial behavior
Experience with and understanding of one or more security frameworks, such as Cloud Security Alliance, PCI DSS, the Assurance Registry from the Cloud Security Alliance, NIST CSF, Cyber Kill Chain, Pyramid of Pain, the Diamond Model of Intrusion Analysis, and MITRE ATT&CK
Familiarity with adversarial TTPs, including those related to Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, or Insider Threat
Understanding of OWASP common vulnerabilities and testing methodologies
Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Solid verbal and written communication skills required
Job Responsibilities:
Support and advise development of program objectives, priorities, and strategy
Design and conduct structured, hypothesis-driven threat hunting engagements
Collect and analyze data from multiple sources and tools to discover evidence of anomalies and adversarial behavior
Monitor and analyze security tool alerts and SOC events to identify potential trends and priorities for targeted hunting engagements
Maintain knowledge of the current security threat landscape by monitoring related internet postings, intelligence reports and other sector-specific sources as necessary
Work alongside the Cyber Threat Intelligence team to evaluate and gain knowledge regarding threat actor behaviors, TTPs, and the cyber threat landscape
Support detection engineering team and security monitoring efforts by advising the development of enhanced SIEM detection content and capabilities to identify the presence of cyber threats or predict potential attacks
Advise and support implementation of security controls and solutions to improve defensive capabilities based on lessons learned from hunting engagements
Generate reports detailing assessment findings, attack paths, exploitation procedures, and recommended mitigation techniques
Partner with the Threat Analysis and Incident Response teams to create initiatives focused on evaluating threat actors' techniques and identifying solutions to improve defensive capabilities
Support incident response, remediation, and recovery efforts identified through hunting engagements, as well as the development of threat scenarios and response playbooks
Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Job Requirements:
Must be willing and able to obtain and maintain US government security clearance
Required to submit to a thorough background examination
Ability to understand business requirements and present appropriate solutions
Ability to work independently or within a team
Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
Must pass NERC CIP & Insider Threat Protection background checks
One or more relevant industry certifications (GSEC, CISSP, GCIA, GMON, GCFA, GCFE, GREM, CEH, OSCP)
Occasional travel to local and regional locations in pursuit of job duties and requirements
Disclaimer:
This information describes the general nature and level of work performed by employees in this job. The description is not designed to be a comprehensive inventory of duties, responsibilities and qualifications required in the job. Reasonable accommodations may be made to qualified disabled individuals for performance of essential duties and responsibilities.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Field: Information Technology
Job Type: Standard
Primary Location: Georgia-Metro Atlanta-Atlanta
Operating Company: Southern Company Services
Other Locations: Alabama-Metro Birmingham/Eastern AL-Birmingham
Travel (Up to...): Yes, 25% of the time
Work Location(s):
Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)
241 Ralph McGill Blvd. NE
Atlanta, 30308
The Energy Center - 3535 Colonnade Parkway (3535Birmingham)
3535 Colonnade Parkway
Birmingham, 35243
Req ID: SCS2010767