Information Security Analyst Senior Lead - Threat Hunter
Listed on 2026-02-16
IT/Tech
Cybersecurity, Information Security
Overview
Job Title: Information Security Analyst Senior Lead - Threat Hunter
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, Inc. - ESI (OLD)
Location: The Woodlands, TX; Little Rock, AR; Jackson, MS; New Orleans, LA
The Cyber Threat Hunter will work proactively to detect and respond to advanced threats that evade traditional and modern security tools. Threat Hunters will leverage threat intelligence, behavioral analytics, and advanced threat detection tools to uncover hidden risks and help ensure the security of our systems and data.
The Cyber Threat Hunter will coordinate the results of threat hunts with the Entergy Consolidated Security Operations Center (CSOC), which is responsible for preventing, identifying, containing and eradicating threats through monitoring, intrusion detection and preventive measures to assets including LAN/WAN, IT-OT and cloud infrastructure. The CSOC is responsible for continuous improvement to detection of threats, rapid response, and reports of suspected or confirmed security incidents.
The role reports to the Manager of the CSOC and will manage day-to-day tasks with additional projects as they arise. We are looking for a skilled information security professional with experience in identifying, isolating and resolving advanced threats within the organization. The threat hunter will play a prominent role in combating threats using foundational and advanced detection techniques as well as implementing deception capabilities.
This position will actively search for vulnerabilities and help mitigate risks that could affect the organization. The Information Security Analyst Sr Lead will be responsible for assisting in investigating and responding to more advanced security incidents, understanding and mitigating attack vectors, and staying abreast of the evolving threat landscape.
- Create threat models to better understand the Entergy IT enterprise, identify gaps to improve defensive controls, expand offensive security capabilities and prioritize mitigations
- Use threat models together with threat intelligence to form threat hypotheses
- Plan and scope threat hunt missions to test those hypotheses
- Develop and maintain work instructions, SOPs, playbooks
- Assist in expanding and maintaining the Forensics program
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze network, host, and application logs
- Analyze malware and code
- Understanding of deception capabilities and how they are used against advanced threats
- Experience implementing, deploying and/or operating deception technologies and tactics
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Able to lead hunt missions with minimal to no supervision or guidance
- Recommend courses of action, best practices and mitigating actions to improve security practices
- Experience briefing senior leaders and executives and translating technical topics for decision making
- Develop detection queries for the CSOC so that new attack techniques are alerted on
- Stay up to date with the cyber threat landscape and activity to enhance Entergy’s cybersecurity posture
- Identify, track and investigate high priority threat campaigns, malicious actors of interest, capabilities and TTPs
- Create workflows and automation within the security tools
- Collaborate and coordinate with business units to improve threat detection, response, and overall security posture
- Participate in post-incident reviews to identify lessons learned and best practices
- Knowledgeable in Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets
- Willing to travel up to 25%
- Reviewing current and emerging cyber threat intelligence to maintain situational awareness and initiate hunts
- Maintaining threat hunts and providing support to the CSOC during advanced incident escalations
- Preparing and delivering weekly briefings and reports
- Collecting, aggregating and reporting on metrics from threat hunts and security cases
- Conducting in-depth technical analysis on host-based, network-based, cloud-focused, and mobile systems to identify…