H-E-B, LP
San Antonio, TX | Full Time
$82k-99k (estimate)
1 Month Ago

H-E-B, LP is Hiring a Security Engineer II: Cyber Threat Hunter Near San Antonio, TX

Responsibilities

Our Partners thrive The H-E-B Way. As a Security Engineer II: Cyber Threat Hunter you would have a…

HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions.

The cyber threat hunter is an analytical position that requires a breach-centric mindset and works closely with the Digital Security Operations Center and the cyber threat intelligence capability to proactively identify previously undiscovered malicious activity in H-E-B. This role also defines and establishes the cyber threat hunting capabilities. Additionally, the threat hunter must be skilled in related disciplines including incident response, forensics, and malware analysis, and be able to integrate these skills to assist in the closure of cybersecurity incidents.

ROLE

  • Leads Cyber Threat Hunting program activities. These activities involve establishing hunt hypotheses/use cases (techniques a threat actor will leverage to go undetected and evade security controls within the environment) and undertaking hunting missions to produce data and obtain matches against forensic artifacts that produce evidence that can prove or disprove the hunt hypothesis.
  • Evolve the threat hunting capabilities according to the Digital Security Operations Center (DSOC) phased maturity model
  • Provide technical expertise to security engineering to improve context and enrichment of security logs, events, and use-cases in SIEM, endpoints, cloud, SaaS applications, etc.
  • Develop threat hunting use-cases driven by threat intelligence or data modeling/analysis, aligned to MITRE ATT&CK and Cyber Analytics Repository (CAR) threat techniques and the Diamond/kill chain models of security response
  • Execute hunts, validate findings & provide reports on gaps of alerts or controls to appropriate teams in network operations, compliance, threat management, vulnerability management etc.
  • Maintain a current working knowledge of the forensic artifacts relevant in attack scenarios and how to obtain that evidence from the available technologies in the environment
  • Collate performance metrics to track hunt missions and drive continuous process improvement & recommend improvements in cyber security monitoring systems (SIEM use-cases & correlation, detection coverage, network/asset models, etc.)
  • Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives. 
  • Develops and documents standard operating procedures and best practices.
  • Work closely with other DSOC team members, threat intelligence analysts or providers, and other Digital Security teams to improve security platforms or tools for consumers of security operations and investigations

REQUIRED

  • Minimum of two (2) years of security experience and a minimum of two years of exposure to threat and vulnerability management.
  • Development and support experience with SIEM platforms in medium to large enterprises. 
  • Understanding of security issues and technologies for desktop, virtual, cloud services, and network infrastructures. 
  • Must have in-depth knowledge of operating systems and IT infrastructure, while possessing a detailed technical understanding of log collection, security technologies, firewall rules, computer privileges, and databases.
  • Basic operating system administration, knowledge of common network protocols, and overall familiarity with scripting are necessary skills to improve automation and efficiency.
  • Experience in IT systems and security policies, standards, industry trends, and techniques. 
  • Experience working with hybrid cloud infrastructure. 
  • Skilled in all aspects of the attack/incident lifecycle process. The position also requires knowledge of host forensics, network forensics, offensive security, malware analysis, security monitoring, and querying large datasets.
  • Research new and advanced threat techniques (TTPs) and identify methods to uncover previously unidentified attacker activity.
  • Develop scripts and write complex queries to traverse large data sets using python or other data analysis methodologies.
  • Analyze hunt results by programmatically sorting large data sets, performing frequency analysis, and identifying attack patterns.
  • Leverage OSINT and enterprise sandboxing solutions to analyze suspicious files.
  • Investigate and analyze all relevant response activities, identifying and assessing the capabilities and activities of the full spectrum of cyber threats.
  • Strong understanding of Linux, *NIX, and Windows operating systems and command line tools, network protocols, TCP/IP fundamentals, and security infrastructure
  • Strong knowledge of network security principles, protocols, and technologies (e.g., TCP/IP, DNS, VPN, SSL/TLS).
  • Hands-on experience with security tools and technologies, such as SAML, OAUTH, SIEM, IDS/IPS, DLP, WAF, EDR, and vulnerability management systems.
  • Proficiency in scripting and programming languages (e.g., Python, PowerShell, Bash) for automating security tasks and analysis.
  • Experience writing advanced regular expressions.
  • Familiarity with cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes) from a security perspective.
  • Excellent analytical, problem-solving, and communication skills with the ability to collaborate effectively with diverse teams and stakeholders.
  • Strong experience analyzing raw log files (i.e., firewall, IDS, PCAP, system logs) and performing data correlation.
  • Working knowledge of Python, Golang, JavaScript, PowerShell, Perl, or *nix shell scripting (multiple).
  • Demonstrate high level of communication skills, both verbal and written with collaborative mindset
  • Demonstrate a logical and structured approach to time management and task prioritization. 
  • Familiarity with Agile and other project management methodologies. 
  • Ability to work well under pressure and have great organizational and interpersonal skills. 

Recommended

  • A Bachelor’s degree in Computer Science or Software Engineering. 
  • One or more professional security certifications such as Certified Splunk Administrator, CISSP, OSCP, OSCE, GCIH, CASP, AWS Security, or equivalent. 
  • Three (3) or more years' experience in Information Security.
  • Familiarity with PCI DSS, HIPAA, and other industry regulations.
  • Experience working with Splunk Enterprise Security. 

PERKS?

  • A robust Benefits plan with coverage starting Day One
  • Dental, vision, life, and other insurance plans; flexible spending accounts; short term / long term disability coverage
  • Partner Care Team, for any time you have healthcare or coverage questions
  • Telehealth offers 24/7 access to board-certified doctors by phone
  • Partner Guidance allows free counselor visits
  • Funeral leave, jury duty, and military pay (subject to applicable law)
  • Maternal / paternal leave for new parents, including adoptions
  • 10% off H-E-B brand products in-store and online
  • Eligibility to participate in 401(k)

ISSEC3232

Job Summary

JOB TYPE

Full Time

SALARY

$82k-99k (estimate)

POST DATE

03/29/2024

EXPIRATION DATE

06/01/2024

WEBSITE

hebmex.com

SIZE

<25
