Full-Time Threat Hunter
NBCUniversal is hiring a remote Full-Time Threat Hunter. The career level for this opening is Experienced, and it accepts Englewood Cliffs, NJ-based applicants working remotely. Read the complete job description before applying.
NBCUniversal
Job Details
The Threat Hunter identifies threat actor tactics, techniques, and procedures (TTPs) by analyzing large data sets and correlating information and behavioral indicators. This role will proactively identify and analyze emerging threats, provide support to security operations and response teams, mentor and share knowledge, and contextualize threats to business operations and assets. Day-to-day activities will include actively hunting for indicators of compromise and APT tactics, techniques, and procedures within the environment, as well as researching new threats as they emerge and identifying opportunities for improvement.
Key Responsibilities:
- Actively search through vast datasets, including security event logs, network security logs, endpoint data, and cloud security logs to uncover hidden threats and indicators of compromise (IOCs).
- Create and refine complex analytical queries used to hunt behavioral TTPs identified through hypothesis generation and informed by threat intelligence.
- Seek input from team members and subject matter experts to refine hunting data and build context for hunts and alerts.
- Innovate hunting query development by leveraging all relevant data sources and resources to perform analysis.
- Create, recommend, and assist with the development of security content resulting from threat hunting.
- Review data from incident writeups, malware reports, and other technical documentation to create hunting opportunities.
- Participate in purple team exercises, working with others to hunt on exercises conducted in coordination with detection and response.
- Write technical threat hunt reports which highlight hunt activities, results, escalations, remediation items, and gaps.
Qualifications:
- Minimum 3 years of cybersecurity experience in threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
- Expert knowledge of security technologies and related data sets that enable cyber threat hunt operations including operating system logs, network logs, EDR, cloud environments and others.
- Tactical, operational, and strategic knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and motivations.
- Knowledge of industry-recognized security and analysis frameworks (MITRE ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.).
- Experience in network and host-based analysis and investigation.
- Experience with Splunk Search Processing Language (SPL), LogScale, and Endpoint Detection and Response (EDR) tools or other SIEM technologies and query languages.
- Understanding of complex enterprise networks to include endpoint, network, email, identity management, and administration systems.
- Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR).
- Excellent analytical and problem-solving skills, detail-oriented, and able to communicate process and findings verbally and through reports.
- General understanding of various cloud technologies and the security implications behind them.
Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.
This position is eligible for company-sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website.
Salary range: $125,000 - $165,000 (bonus eligible)
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision.
NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com.
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.