CenturyLink

Lead Information Security Engineer - Threat Hunter - Remote

Posted on: 26 Feb 2021

Broomfield, CO

Job Description

About Lumen
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen's network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.

The Role

The Cyber Threat Hunting and Offensive Security (CTHOS) Lead Information Security Engineer - Threat Hunter is a key component of working with all parts of Cyber Defense including Incident Response, Forensics, and Offensive Security. CTHOS proactively protects Lumen from emerging and existing threats by conducting hunts on Lumen's enterprise infrastructure. CTHOS makes recommendations for reducing attack surfaces, suggestions for improvements to defense stacks, creates new detection signatures for future alerting, aids major incident response efforts, and informs Lumen of threats or attackers previously unknown.

The Main Responsibilities

* Lead long-term and short-term cyber threat hunting investigations, create new detection methodologies, and support reactive cybersecurity team's ability to detect and respond to security incidents.
* Utilize threat intelligence to create hypotheses and conduct formal threat hunting in the corporate environment. Perform deep technical analysis of threat hunts with actionable recommendations.
* Hunt for and identify threat actors by researching the tactics, techniques, and procedures (TTPs) used by adversaries.
* Hunt for and identify adversaries by leveraging correlated and trend data such as host and network-based IDS/IPS, forensic, antivirus, and threat intelligence data from existing cutting-edge security technologies.
* Analyze key pieces of evidence, such as malware, network indicators, and call back channels to design and implement detection methodologies.
* Identify key visibility gaps within Lumen's enterprise and propose defense improvements to responsible teams.
* Provide investigative support of large-scale and complex security incidents with the Cybersecurity Incident Response Team (CIRT).
* Maintain in-depth knowledge of modern hacker tools, methodologies, attack trends, and current intelligence as shared publicly, by our industry partners, and by government agencies.
* Review alerts generated by detection infrastructure for false positives and modify alerts as needed.
* Take initiative and proactively seek out new assignments to improve CTHOS and the overall security posture of Lumen as an organization.
* Provide leadership, mentoring, and training to junior CTHOS and CIRT members.

What We Look For in a Candidate

Minimum Qualifications

* Professional/technical certifications such as CISSP, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GPEN (GIAC Penetration Tester), Offensive Security Certified Professional (OSCP) or equivalent certifications in these areas.
* Undergraduate degree or equivalent experience in Cybersecurity, Computer Science, Computer Engineering, or related field.
* 5+ years of relevant Cybersecurity experience in incident response, threat intelligence, penetration testing, or related field.
* Experience with the incident response process, including detecting adversaries, log analysis using a SIEM or similar tools, and malware triage.
* Experience with analyzing root causes of malware infections and identifying impact of malware on systems.
* Experience or knowledge of lateral movement, footholds, and data exfiltration techniques.
* Experience with analyzing packet flow, TCP/UDP traffic, firewall, IDS/IPS, and antivirus technologies.
* Experience or knowledge of typical behaviors of both malware and adversaries.
* Experience creating threat detection content for various technologies.
* Strong verbal and written communication skills.
* Strong critical thinking skills, with a demonstrated ability to work independently and with a team.

Preferred Qualifications

* Experience with attack frameworks such as the Cyber Kill Chain and MITRE ATT&CK.
* Experience with one or more programming languages, such as Python or Bash.
* Experience reverse engineering malware and performing malware analysis.
* May require Federal Suitability or Clearance for system access.

Requisition : 244139

EEO Statement
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.

CenturyLink

Monroe, LA

CenturyLink, Inc. provides various communications services to residential, business, wholesale, and governmental customers in the United States and internationally. The company operates in two segments, Business and Consumer. It offers VPN data network services; Ethernet services; Internet protocol (IP) services; facilities-based Prism TV service, as well as satellite digital television services; CDN services; and Vyvx broadcast services. The company also provides broadband services, which allow customers to connect to the Internet through their existing telephone lines or fiber-optic cables; private line services for transmission of data between sites; wavelength services; and colocation and data center services, such as hosting, cloud, and managed solutions. In addition, it offers network management, installation and maintenance of data equipment, and building of fiber-optic broadband networks; professional services; and network security services, as well as sells equipment.

Further, the company offers voice services; voice over IP services; and managed services comprising network, hosting, cloud, and information technology services, as well as leases and subleases space in its office buildings, warehouses, and other properties. As of December 31, 2018, it served approximately 4.8 million broadband subscribers. CenturyLink, Inc. was founded in 1968 and is based in Monroe, Louisiana.