Senior Threat Hunting Analyst

CLEAR · Brooklyn NY

Company

CLEAR

Location

Brooklyn NY

Type

Full Time

Job Description

We are looking for a Senior Threat Hunting Analyst to join our team. The ideal candidate has a strong drive to solve security challenges and the desire to implement best-in-class security measures using cutting edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a scaling environment.

What You Will Do:

  • Implement new detection capabilities and improve upon existing security tools and playbooks
  • Review audit logs to identify and audit suspicious behavior
  • Create and disseminate summary reports, investigation reports, and threat briefs
  • Recommend remediation activities to secure the source or initial point of access of intrusion
  • Collaborate with threat intelligence support teams to mitigate risk from contact and horizon threats
  • Provide targeted attack detection and analysis, including the development of custom signatures, log queries and analytics for the identification of targeted attacks
  • Develop and execute custom scripts to identify host-based indicators of compromise; determine the scope of an intrusion by identifying the initial point of access or source
  • Provide executive level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity
  • Develop analytics to correlate IOCs and maximize threat detection capabilities based on defense analysis processes; conduct analysis of network traffic and host activity across a wide array of technologies and platforms
  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
  • Develop detection techniques and countermeasures in response to threat actor tactics, techniques, and procedures (TTPs)
  • Analyze network traffic, IDS/IPS events, packet captures, firewall logs and malicious campaigns, and evaluate the effectiveness of security technologies
  • Provide expert analytic investigative support of large scale and complex security incidents
  • Support the incident response team by providing advanced analysis services on request, including independent analysis of security events and recommendations for containment and remediation processes
  • Perform root cause analysis of security incidents to further enhance the alert catalog; review alerts generated by detection infrastructure for false positives and tune alerts as needed
  • Provide forensic analysis of network packet captures, DNS, proxy, VPC flow, malware, host-based security and application logs, as well as logs from various types of security sensors

Who You Are:

  • Bachelor’s degree in Computer Science, Information Systems Management, Engineering or a related field; equivalent experience considered
  • 6 to 10 years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, and malware triage and identification
  • Highly desired: Certifications such as OSCP or other recognized pentesting or threat hunting certs
  • Knowledge and experience with digital forensic processes, chain of custody, and evidence preservation to include disk, file, memory, and network capture, imaging and analysis
  • Experience with packet analysis and usage of deep packet inspection toolsets
  • Knowledge and experience working with the Cyber Kill Chain Model, Diamond Model or MITRE ATT&CK Matrix
  • Working knowledge of Advanced Persistent Threats and cyber crime TTPs
  • Strong working knowledge of EDR and SOAR solutions
  • Strong experience with Splunk and Splunk Enterprise Security, and the ability to apply analytical techniques to large data sets
  • Strong experience with Azure and AWS cloud infrastructure/security
  • Strong proficiency with scripting languages for automation, such as Python, PowerShell and Bash
  • Experience with Security Operations
  • A working understanding of mobile and container security

How You’ll be Rewarded:

At CLEAR we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members who are motivated by our mission of making experiences safer and easier. Our hybrid work environment provides flexibility. In our offices, you’ll enjoy benefits like meals and snacks. We invest in your well-being and learning & development with our stipend and reimbursement programs. 

We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility and adoption/surrogacy support), flexible time off, free OneMedical memberships for you and your dependents, and a 401(k) retirement plan with employer match. The base salary range for this role is $135,000-165,000, depending on levels of skills and experience.

The base salary range represents the low and high end of CLEAR’s salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. The range listed is just one component of CLEAR’s total compensation package for employees and other rewards may include annual bonuses, commission, Restricted Stock Units.

About CLEAR

Have you ever had that green-light feeling? When you hit every green light and the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With more than 13 million passionate members and hundreds of partners around the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, and more seamless experiences - making them all feel like magic.


Date Posted

10/31/2022

