Senior Security Engineer - Threat Hunt Lead
Job Description
Sleep Number team members are part of a passionate, purpose-driven culture that supports improving the health and wellbeing of society through higher quality sleep. We are not just focused on our customers, however; being employed by Sleep Number means your personal wellbeing is important, too. As we continue to grow, we are looking for team members who will bring their unique personalities, backgrounds, and skills to work. Whether you are entering, returning, or experienced in the workforce, we have a place for you.
In our 35+ years in the industry we have improved over 14 million lives, and we are just getting started. With 5,000+ team members nationwide supporting work disciplines from technology to manufacturing, retail stores to field services technicians, corporate teams to customer service, we are a sleep innovation leader because of our team members. Now is a great time to join us as we invest further in our people and sleep innovation. #TeamSleepNumber
Position Purpose:
The Senior Information Security Engineer - Threat Hunt Lead is responsible for proactively detecting advanced threat actors within our network and systems, and for helping to advance security engineering practices at Sleep Number. Under the direction of Information Security and IT Leadership, this senior engineer / threat hunt lead will develop strategies and plans to identify evidence of actual and potential threat actor activity, and will work with engineering and security teams to improve our detection capabilities and security controls.
As a Senior Security Engineer / Threat Hunter, you will be responsible for continuously growing your own technical skill set, closely following threat bulletins and quickly assessing their potential impact on Sleep Number systems, and providing technical leadership within the Security Operations & Incident Response team. You will lead Hunt Operations, propose and drive tactical initiatives, and have an active voice in defining the strategic direction of the team. You will represent the Cyber Security Operations team in cross-functional initiatives, and mentor and grow junior analysts when needed.
Primary Responsibilities:
- Conduct threat hunting operations in Sleep Number's most complex, critical, and high-risk environments.
- Analyze log data to detect active threats within the network using knowledge of the current threat landscape, threat actor techniques, and the internal network.
- Plan and scope Hunt activities based on Threat Intel reporting, knowledge of Sleep Number's network, and Hunt team capabilities.
- Lead the establishment of a red/blue/purple team capability, including an operational model (people, process, and technology), and drive red/blue/purple team capability improvements over time.
- Perform advanced threat research to proactively identify potential threat vectors and work with security engineering, IT, and other technology teams to improve prevention and detection methods.
- Based on research, identify gaps in attack surface visibility, logging and detections to provide recommendations for technical control improvements and prioritization to Information Security Leadership.
- Proactively engage partners across technology teams to learn about Sleep Number's environment. Build productive working relationships.
- Conduct application, API, and network penetration testing (internally or through partners) against various systems, applications, and networks based on leadership-directed prioritization.
- Analyze malicious code, packet capture files, and artifacts.
- Provide technical leadership through the complete lifecycle of a hunt operation when warranted.
- Utilize a wide range of tools and techniques to automate repetitive hunt processes.
- When warranted, craft and distribute proactive threat bulletins to key constituents.
- Identify and enter risks and threats into the GRC platform when warranted.
- Participate in Incident Response analysis and investigations when needed - which may or may not include managing third party forensics and investigation services.
- Maintain quality documentation for meaningful consumption by others.
- Foster an environment of continuous learning and high engagement, and champion diversity, inclusion, and respect for the individuality of all team members.
- Self-inform and deeply learn/research all facets of the Sleep Number digital ecosystem (Core IT, Labs, Digital, others).
- Champion communication to various stakeholders on emerging threats, their applicability to the Sleep Number environment, and recommended action(s).
- Recognize opportunities for continuous improvement. Make recommendations to leadership and drive change. Actively inform future roadmaps and priorities leveraging your insights.
- Mentor interns and less experienced members of the team.
Key Performance Indicators:
- Establish the foundations of a red team, blue team & purple team capability for Sleep Number
- Establish, operationalize, and refine threat intelligence feeds from various industry-trusted sources.
- Optimize existing toolsets, identify, and drive improvements to advance Sleep Number's Threat Hunt capability
- Establish reporting of project status and metrics, both for individual information security teams and for the information security function as a whole, suitable for executive consumption.
Position Requirements:
- 7+ years of experience with incident response, security operations, malware analysis, or threat hunting
- 4+ years of experience with various languages (e.g., JavaScript, HTML/CSS, SQL, Python, Java, Bash, PowerShell)
- 4+ years of experience with common threat modeling and vulnerability scoring frameworks (e.g., STRIDE, VAST, CVSS) and their application to threat hunting
- 4+ years of experience in a security engineering or threat detection role, or developing custom detections in a variety of security appliances
- 4+ years of experience applying data science concepts and techniques to enable advanced threat detection
- 2+ years of experience leading small teams of technical associates. While this is an individual contributor role, it will be important for this person to mentor and teach others.
- 2 or more industry certifications such as CEH, GPEN, OSCP, CISSP, EnCE, or GCIH
- Experience discerning between critical and non-critical alerts (i.e., can quickly filter out "noise" alerts) and ability to escalate and problem-solve in a timely fashion
- Strong organizational skills, with the ability to thrive in a sense-of-urgency environment, navigate ambiguity, leverage best practices, and approach any problem as a team player with a can-do attitude
- Knowledge of information security management system standards, frameworks (ISO 27001, NIST CSF), MITRE ATT&CK, Cyber Kill Chain, and industry best practices.
- Experience in administering, operating, and improving industry SIEM solutions, such as Splunk.
- Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership.
Knowledge, Skills & Abilities:
Aligned with the National Initiative for Cybersecurity Education (NICE) Framework work role Cyber Defense Analyst (PR-CDA-001).
- Knowledge of cyber-attack stages (e.g., MITRE ATT&CK Framework, tactics, techniques and procedures for conducting reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of the common attack vectors on the network layer.
- Ability to create "Living off the Land" breach and attack scenarios using existing tools, resources, and techniques to your advantage.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
- Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.
- Knowledge of the Splunk Common Information Model (CIM)
- Skill in using incident handling methodologies.
- Skill in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort, ExtraHop, Corelight, Zeek).
- Skill in collecting data from a variety of cyber defense resources.
- Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Ability to problem-solve and work through day-to-day blockers and know when to escalate vs. self-solve while building and maintaining productive business relationships. Compile information security and compliance risks to communicate to leadership and ensure proper awareness.
- Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
Working Conditions (if applicable):
- Rotational, occasional weekend and evening work will be required for production or operational support. May be called upon to work outside business hours in the event of critical issues, outages, or incidents.
- Ability to travel up to 10%
Wellbeing
Our company's purpose is to improve the health and wellbeing of society.
Wellbeing is more than a catchphrase - it's a movement that permeates our company and through our team members. We are dedicated to enhancing and supporting the wellbeing of our team members and their families through benefits, programs, and resources across our five wellbeing pillars of emotional, financial, career, community, and physical health, with sleep at the center.
By joining our team, in addition to offering competitive pay programs, we are proud to offer eligible team members an extensive benefits package including, but not limited to medical and pharmacy benefits, dental, life and disability insurance, a matched 401(k) Plan, paid time off, and much more.
Examples of how we invest in your wellbeing:
- Sleep - Our 360® smart bed for team members, and discounts on our innovations and sleep solutions for yourself and friends and family throughout the year.
- Physical - Wide range of wellbeing resources and services through our medical plans to improve your physical health.
- Emotional - Access to mental health resources, caregiving support, paid time off and parental leave to support your emotional wellbeing. Work for your day flexibility, available for select corporate roles.
- Financial - Competitive base and variable pay programs, ability to save for the future through a matched 401(k) plan and financial support to recover from an illness or injury.
- Community - Paid time off for volunteering and connections to our communities through our Diversity, Equity & Inclusion initiatives, and support for charitable causes.
- Career - Opportunities for career development and continuous learning, including a tuition reimbursement program.
Safety
Safety is a top priority for Sleep Number in supporting customer and team member wellbeing. COVID-19 precautions are in place consistent with CDC guidelines, the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA), and state/local laws.
EEO Statement
Sleep Number is an equal opportunity employer. We are committed to recruiting, hiring and promoting qualified people and prohibit discrimination based on race, color, marital status, religion, sex (including gender, gender identity, gender expression, transgender status, pregnancy, childbirth, and medical conditions related to pregnancy or childbirth), sexual orientation, age, national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status or any other status protected by federal, state, or local law.
Americans with Disabilities Act (ADA)
It is Sleep Number's policy to provide reasonable accommodations to qualified individuals with disabilities during the application process, consistent with applicable law. We may require supporting medical or religious documentation where applicable and permissible by law. If you are a qualified individual, you may request a reasonable accommodation at any time during the selection process, including if you are unable or otherwise limited in your ability to access open roles here.
Date Posted
03/08/2023