Cyber Threat Hunter

Position Title

Cyber Threat Hunter I

Des Moines, IA, United States

Proactively identify cybersecurity incidents that may go undetected by other security tools. Respond to real‑time security incidents and support activities for response. Act as a liaison between the threat intelligence teams and the analyst teams to coordinate on emerging threats to the BHE networks.

• Hunt for existing threats or vulnerabilities already present in the networks. Analyze and correlate large data sets to uncover threats and attack techniques. This may entail taking emerging or developing reports of attacks and building or adjusting queries as needed to ensure the protection of the environment. 40%
• Coordinate with threat intelligence analysts on emerging threats to the company or industry, seeking out potential issues in the environment. 30%
• Assist endpoint and network protection SMEs in the development of protective or detective queries in existing tool sets that will allow for near real‑time detection. When there is no threat immediately present, the potential for the threat in the future should be alerted on or blocked accordingly. 10%
• Advise on tools, techniques, or policies to advance the posture and monitoring functions of the security operations center. This also includes environments beyond the enterprise networks such as Industrial Control System (ICS) environments. 10%
• Provide timely and accurate cross‑platform support in response to security threats. (10%)

• Bachelor's degree in Computer Science, Information Technology, or related field; or equivalent work experience.
• Direct experience performing threat hunting in an enterprise environment.
• Two years of experience in a technical role within a Security Operations Center, Incident Response Team, or Threat Intelligence.
• At least one year of hands‑on experience with a production security toolset. Experience with an EDR/MDR/XDR, network tapping infrastructure, and security automation is preferred.
• Knowledge of security principles is desired through achievement and active pursuit of advanced security certification including CISM or CISSP or equivalent.
• Familiarity with at least one programming and scripting language such as PERL, Python, Ruby, C#, C++, Go, Rust, BASH, and Powershell, as well as open source security tools such as Syslog‑NG, SNORT, Cuckoo, etc.
• Ability to construct and execute complex database queries using SQL (Structured Query Language), KQL (Kibana Query Language), or eDSL (Elasticsearch Domain Specific Language).
• General knowledge of information technology terms, equipment, systems, functions, and major vendors – Information Technology work experience strongly preferred (Server, endpoint, network, etc.).
• Effective interpersonal skills and customer relationship skills.
• Effective analytical, problem‑solving, and decision‑making skills.
• Project management skills; ability to prioritize and handle multiple tasks and projects concurrently.
• Employees must be able to perform the essential functions of the position, with or without an accommodation.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.