Senior Threat Hunting Analyst

Founded in 2010, CLEAR’s mission is to create frictionless experiences. With more than 12 million members and hundreds of partners across the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, and more seamless. Since day one, CLEAR has been committed to privacy done right. 

We are looking for a Senior Threat Hunting Analyst to join our team. The ideal candidate has a strong drive to solve security challenges and the desire to implement best-in-class security measures using cutting edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a scaling environment.

What You Will Do:

• Implement new detection capabilities and improve upon existing security tools and playbooks
• Review audit logs and identify/audit behavior
• Create and disseminate summary reports, investigation reports, and threat briefs
• Recommend remediation activities to secure the source or initial point of access of intrusion
• Collaborate with threat intelligence support teams to mitigate risk from contact and horizon threats
• Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
• Develop and execute custom scripts to identify host-based indicators of compromise. Determine scope of intrusion identifying the initial point of access or source
• Provide executive level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity
• Develop analytics to correlate IOCs and maximize threat detection capabilities based off defense analysis processes. Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
• Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
• Develop detection techniques and countermeasures in response to threat actor tactics, techniques, and procedures (TTPs)
• Analyze network traffic, IDS/IPS events, packet capture, FW logs, malicious campaigns and evaluate the effectiveness of security technologies
• Provide expert analytic investigative support of large scale and complex security incidents
• Support the incident response team by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events
• Perform Root Cause Analysis of security incidents for further enhancement of alert catalog. Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
• Provide forensic analysis of network packet captures, DNS, proxy, vpcflow, malware, host-based security and application logs, as well as logs from various types of security sensors
• Provide executive level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity

Who You Are:

• Bachelor’s degree in Computer Science, Information Systems Management, Engineer or related field; equivalent experience considered
• 6 to 10 years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, and malware triage and identification
• Highly desired: Certifications such as OSCP or other recognized pentesting or threat hunting certs
• Knowledge and experience with digital forensic processes, chain of custody, and evidence preservation to include disk, file, memory, and network capture, imaging and analysis
• Experience with packet analysis and usage of deep packet inspection toolsets
• Knowledge and experience working with the Cyber Kill Chain Model, Diamond Model or MITRE ATT&CK Matrix
• Working knowledge of Advanced Persistent Threats and cyber crime TTPs
• Strong working knowledge of EDR and SOAR solutions
• Strong experience with Splunk and Splunk Enterprise security and possess the ability to apply analytical techniques to large data sets
• Strong experience with Azure and AWS cloud infrastructure/security
• Strong usage of scripting languages for automation, such as Python, Powershell, Bash
• Experience with Security Operations
• A working understanding of mobile and container security

#LI-Hybrid