Senior Threat Hunter

Job Description

Auto req ID: 187498BR

Job Description

Imagine when YOUR “Creative Solutions” MEETS OUR Thirst for Innovation

At PepsiCo, it takes a global team to solve some of the most complex problems. And our InfoSec group is no exception! From Plano to Poland - we have a collaborative team comprised of two structures, a Center of Excellence, and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and recognize the everyday contributions our talented security professionals make.

As a Senior Threat Hunter, you will be a key member of the Threat Detection Operations team within PepsiCo’s Cyber Fusion Center. You will be responsible for turning threat intelligence into actionable alerts. Your goal is to identify threat actor activity as quickly as possible and convey your findings to the Incident Response team for remediation, working together to minimize attacker dwell time. Your success will require more than just looking for known Indicators of Compromise. To excel in this role, you will need to seek out the Tactics, Techniques and Procedures used to infiltrate networks.

Your Job Duties will include:

  • Defining and leading hunt missions guided by threat intelligence, analysis of anomalous log data, and/or brainstorming sessions with the goal of identifying threat actors in PepsiCo’s networks
  • Developing and automating the detection of threat actor activities
  • Organizing detections in the framework of MITRE ATT&CK
  • Performing forensic analysis of network packet captures, DNS query logs, proxy logs, Netflow, as well as other logs from applications and operating systems
  • Providing expert-level support for large scale or complex security incidents. Documenting best practices for threat hunting and detection development
  • Reviewing alerts generated by detection infrastructure for false positives and improve alerts as needed

Qualifications/Requirements

  • Bachelor’s degree in Information Technology, related disciplines or equivalent work experience
  • Relevant Technical Security Certifications (such as from GIAC, EC-Council, Offensive Security, etc.)
Experience (required):
  • 7+ years overall IT Infrastructure experience
  • 5+ years of recent experience in a technical security role (such as in a SOC, Incident Response Team, Malware Analysis, IDS/IPS Analysis, etc.)
Experiences (desired):
  • Completed one or more security-related projects in the role of technical lead
  • Using and maintaining a SIEM (Security Information & Event Monitoring) solution such as ArcSight, Elasticsearch, LogRhythm, NetWitness, QRadar, or Splunk
  • Tuning a NIDS (Network Intrusion Detection System) such as Snort or Zeek or Suricata or their commercial equivalents
  • Performing forensic analysis to identify the source of malicious activity
  • Developing Software using Agile methodologies
  • Penetration Testing or Red Teamwork
  • Sharing your findings in the form of blog posts, white papers and/or presentations at security conferences
Skills:
  • Thinking like an attacker
  • Automating simple tasks with one or more common scripting languages (Python, Powershell, PERL, etc)
  • Familiarity with installing and managing both Linux/UNIX & Windows operating systems
  • Detailed understanding of the TCP/IP networking stack & network technologies
  • Working knowledge of full packet capture /PCAP analysis and accompanying tools (Wireshark, etc.)
  • Able to navigate and explain Active Directory and Group Policy
  • Knowledgeable in several of the following subjects
  • APT/crimeware ecosystems
  • Cloud infrastructure monitoring
  • IT architecture & infrastructure design
  • Log management/SIEM
  • Malware analysis & reverse engineering
  • Red Team/Penetration testing
  • Scripting & automation
  • Security engineering
  • Software vulnerabilities & exploitation
  • Comfortable working with a diverse and global team of security professionals

Relocation Eligible: Not Eligible for Relocation
Job Type: Regular


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy

Please view our Pay Transparency Statement