Cyber Threat Hunter (119359)
Job Location: The Woodlands, TX - USA
Monthly Salary: Not Disclosed
Vacancy: 1

Job Description

Work Place Flexibility: Hybrid

Legal Entity: Entergy Services LLC

***This is a hybrid position and can be located in The Woodlands, TX; Jackson, MS; Little Rock, AR; or New Orleans, LA. Relocation assistance and sponsorship are not provided. The official title will be Info Sec Analyst Sr or Info Sec Analyst Sr Lead, depending on the qualifications and experience of the selected candidate.***

Job Summary/Purpose:

The Cyber Threat Hunter will work proactively to detect and respond to advanced threats that evade traditional and modern security tools. Threat Hunters will leverage threat intelligence, behavioral analytics, and advanced threat detection tools to uncover hidden risks and ensure the security of our systems and data.

The Cyber Threat Hunter will coordinate the results of threat hunts with the Entergy Consolidated Security Operations Center (CSOC), which is responsible for preventing, identifying, containing, and eradicating threats through monitoring, intrusion detection, and preventive measures for assets including LAN/WAN, IT-OT, and cloud infrastructure. The CSOC is responsible for continuous improvement of threat detection, rapid response, and reporting of suspected or confirmed security incidents.

The role will report to the Manager of the CSOC and will manage the day-to-day tasks noted below, with additional projects as they arise. We are looking for a skilled information security professional with experience in identifying, isolating, and resolving advanced threats within the organization. The threat hunter will play a prominent role in combating threats using foundational and advanced detection techniques, as well as implementing deception capabilities. This position will actively search for vulnerabilities and help to mitigate risks that could affect the organization. The Information Security Analyst Sr will be responsible for assisting in investigating and responding to more advanced security incidents, understanding and mitigating attack vectors, and staying abreast of the evolving threat landscape.

Primary Responsibilities:

  • Create threat models to better understand the Entergy IT enterprise, identify gaps to improve defensive controls, expand offensive security capabilities, and prioritize mitigations
  • Utilize threat models along with threat intelligence to create threat hypotheses
  • Plan and scope threat hunt missions to verify threat hypotheses
  • Develop and maintain work instructions, SOPs, and playbooks
  • Assist in expanding and maintaining the Forensics program
  • Proactively and iteratively search through systems and networks to detect advanced threats
  • Analyze network, host, and application logs
  • Analyze malware and code
  • Have an understanding and knowledge of deception capabilities against advanced threats
  • Experience implementing, deploying, and/or operating deception technologies and tactics
  • Prepare and report risk analysis and threat findings to appropriate stakeholders
  • Able to lead hunt missions with minimal to no supervision or guidance
  • Recommend courses of action, best practices, and mitigating actions to improve security practices
  • Experience briefing senior-level leaders and executives, as well as the ability to translate technical topics into non-technical terms for decision making
  • Develop queries for the CSOC for new detections of new attacks
  • Ability to stay up to date on the cyber threat landscape, threat actors, and activity to enhance Entergy's cybersecurity posture
  • Identify, track, and investigate high-priority threat campaigns, malicious actors of interest, capabilities, and TTPs
  • Create workflows and automation within the security tools
  • Collaborate and coordinate with business units to improve threat detection and response and improve the overall security posture
  • Participate in post-incident reviews to identify lessons learned and best practices
  • Knowledgeable in Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets
  • Available to travel up to 25%

Will be responsible for:

  • Reviewing current and emerging cyber threat intelligence to maintain situational awareness and initiate hunts
  • Maintaining threat hunts, along with providing support to the CSOC as needed during advanced incident escalations
  • Creating and providing weekly briefings and reports
  • Collecting, aggregating, and reporting on metrics from threat hunts and security cases
  • Conducting in-depth technical analysis on host-based, network-based, cloud-focused, and mobile systems to identify advanced threats that evade traditional detection systems and signatures

MINIMUM REQUIREMENTS

Minimum education required of the position

Bachelor's degree (e.g. Cybersecurity, Information Security, IT, Computer Science, etc.) or 6 years of prior relevant experience. Additional experience and certifications may be considered in lieu of a degree.

Minimum experience required of the position

Information Security Analyst Sr: 6 years of recent experience in a technical role in the areas of Security Operations, incident response, detection engineering, offensive security/red team, or cyber threat intelligence

Information Security Analyst Sr Lead: 8 years of recent experience in a technical role in the areas of Security Operations, incident response, detection engineering, offensive security/red team, or cyber threat intelligence

  • Experience performing threat hunting in an active corporate environment
  • Experience with host-based and network-based security monitoring using cybersecurity capabilities
  • Experience with offensive security strategies and assessment methodology
  • Ability to see the larger picture when dealing with competing requirements and needs
  • Ability to navigate and work effectively across a complex organization
  • Experience with one or more enterprise EDR and SIEM tools
  • Experience with digital forensics or incident response on major security incidents
  • Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution
  • Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
  • Experience working with log analysis tools
  • Experience developing scripts to support cyber threat detection
  • Ability to work independently with minimal direction; self-starter / self-motivated

Minimum knowledge, skills, and abilities required of the position

  • Good planning, organizational, and time management skills; detail- and process-oriented; able to juggle multiple priorities
  • Understanding of the MITRE ATT&CK Framework
  • Good problem-solving/decision-making ability
  • Good written and verbal communication skills
  • Good interpersonal skills, including teamwork
  • Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
  • Resourceful and self-motivated, able to work independently when required
  • Good analytical, critical-thinking, and decision-making skills
  • Understanding of secure monitoring and incident response across cloud and IT-OT environments
  • Understanding of systems (including industrial control systems)
  • Good report writing and communication, and the ability to communicate effectively across the organization
  • Demonstrated commitment to customer service, with excellent oral and written communication skills
  • Self-motivated, with the ability to work independently and in a team setting while following up on multiple tasks

Any certificates, licenses, etc. required for the position

  • One or more technical or InfoSec certifications are a plus, e.g. CompTIA, ISACA, EC-Council, or ISC2:
  • GIAC Certified Incident Handler
  • GIAC Certified Forensic Analyst
  • CISSP
  • SANS GCIA Intrusion Analyst
  • SANS GMON Continuous Monitoring Certification
  • CCSP Certified Cloud Security Professional
  • GIAC Penetration Tester
  • Kali Linux Offensive Security Certified Professional (OSCP)

Technical Competencies

  • Hands-on technical engineering and process management skills, and the ability to advocate positive transformation
  • Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks
  • In-depth knowledge of common networking protocols
  • Understanding of complex enterprise networks, including routing, switching, firewalls, proxies, and load balancers
  • Expertise in network and host-based analysis and investigation
  • Proficient with scripting languages such as PowerShell or Python
  • Master knowledge of multiple UNIX OS platforms and Windows-based operating systems
  • Master knowledge of current IT security trends and best practices in technology, as well as monitoring best practices and tools
  • Master knowledge of security risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, and ITIL

Primary Location: Texas - The Woodlands
Locations: Texas - The Woodlands; Arkansas - Little Rock; Louisiana - New Orleans; Mississippi - Jackson

Job Function: Professional
FLSA Status: Professional

Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT

Number of Openings: 1
Req ID: 119359
Travel Percentage: Up to 25%

An Equal Opportunity Employer Minority/Female/Disability/Vets. See statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran, in accordance with applicable federal, state, and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including but not limited to recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Entergy System of Companies employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process, please click here and provide your name, contact number, the accommodation requested, and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Equal Opportunity

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please to schedule a time to review the affirmative action plan during regular office hours.

Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.

Employment Type

Full-Time
