Con Edison
Senior Threat Intelligence and Threat Hunting Analyst
Con Edison, New York, New York, us, 10261
Base pay range: $125,000.00/yr - $135,000.00/yr
Overview
Come join us at Con Edison! We are actively seeking highly skilled and motivated Cybersecurity Engineers to become integral members of our growing Advanced Cyber Defense team. This senior role offers a unique opportunity to significantly enhance our threat intelligence, threat hunting, and detection engineering programs. You'll play a pivotal role in helping us stay ahead of emerging threats and ensuring the security of our systems.
Responsibilities
Gather, process, and analyze threat data from different sources to create actionable threat intelligence.
Create and deliver in-depth threat intelligence and threat landscape reports, briefings, and presentations tailored for both technical and non-technical stakeholders.
Provide situational awareness updates to senior leadership on high-priority threats and geopolitical developments impacting cybersecurity.
Create and maintain threat profiles for key adversaries targeting the organization or sector.
Manage a threat intelligence platform (TIP) and ensure proper integration with SIEM, SOAR, and other security tools.
Manage the assessment and follow-up of third-party security incidents or compromises.
Design and perform threat hunts and purple team exercises to identify malicious activity, misconfigurations, and visibility gaps.
Help create and maintain detection content, new alerts, dashboards, documentation, playbooks, guidelines, and metrics.
Design, implement, and maintain automated workflows for threat intelligence and threat hunting.
Serve as a Tier 3 escalation point for the Cybersecurity Operations Center (CSOC) and major Incident Response.
Evaluate and recommend new tools and technologies to enhance capabilities.
Qualifications
Required Education/Experience
Master's Degree in Computer Science, Cybersecurity, or other related area and 2 years of relevant work experience.
Bachelor's Degree in Computer Science, Cybersecurity, or other related area and 3 years of relevant work experience.
Associate's Degree in Computer Science, Cybersecurity, or other related area and 4 years of relevant work experience.
High School Diploma/GED and 5 years of relevant work experience.
Relevant Work Experience
Experience in threat intelligence, threat hunting, detection engineering, or a related cybersecurity role, required.
Deep understanding of cyber threat intelligence and threat hunting frameworks, methodologies, and approaches, required.
Familiarity with threat intelligence tools and platforms (e.g., TIP, Shodan, VirusTotal), required.
Strong experience in analyzing IOCs, TTPs, user logs, host logs, network logs, and/or PCAPs to detect malicious activity, required.
Strong understanding of the MITRE ATT&CK Framework, preferred.
Strong understanding of Incident Management and Incident Response frameworks, preferred.
Strong knowledge in Splunk Enterprise Security and Splunk SOAR, preferred.
Experience using Microsoft Sentinel and KQL, preferred.
Strong programming experience with Python or a similar language, preferred.
Knowledge of digital forensics and investigation techniques, particularly on Windows and Linux, preferred.
Knowledge of cloud security and cloud architecture best practices, preferred.
OT/ICS Security knowledge, preferred.
Skills and Abilities
Strong technical aptitude.
Excellent collaboration and team building skills.
Strong verbal communication and listening skills.
Demonstrated written communication skills.
Proficient in Microsoft Office including Word, Excel, Outlook, and PowerPoint.
Licenses and Certifications
Driver's License, required.
Technical certifications (e.g., CISSP, CISM, CIPP), preferred.
Additional Physical Demands
Assigned a System Emergency Assignment and expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
Must be able and willing to travel within Company service territory as needed.
Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required.