Cyber Threat Hunter I/II/III/Sr

Proactively identify cybersecurity incidents that may go undetected by other security tools. Respond to real-time security incidents and supports activities for response. Act as a liaison between the threat intelligence teams and the analyst teams to coordinate on emerging threats to the BHE networks.

Hunt for existing threats or vulnerabilities already present in the networks. Analyze and correlate large data sets to uncover threats and attack techniques. This may entail taking emerging or developing reports of attacks and building or adjusting queries as needed to ensure the protection of the environment. 40%

Coordinate with threat intelligence analysts on emerging threats to the company or industry, seeking out potential issues in the environment. 30%

Assist endpoint and network protection SMEs in the development of protective or detective queries in existing tool sets that will allow for near real-time detection. When there is no threat immediately present, the potential for the threat in the future should be alerted on or blocked accordingly. 10%

Advise on tools, techniques, or policies to advance the posture and monitoring functions of the security operations center. This also includes environments beyond the enterprise networks such as Industrial Control System (ICS) environments. 10%

Provide timely and accurate cross-platform support in response to security threats. (10%)

Bachelor’s degree in Computer Science, Information Technology, or related field; or equivalent work experience.

Direct experience performing threat hunting in an enterprise environment.

Two years of experience in a technical role within a Security Operations Center, Incident Response Team, or Threat Intelligence for the Cyber Threat I.

Four years of experience in a technical role within a Security Operations Center, Incident Response Team, or Threat Intelligence for the Cyber Threat II.

Six years of experience in a technical role within a Security Operations Center, Incident Response Team, or Threat Intelligence for the Cyber Threat III.

Eight years of experience in a technical role within a Security Operations Center, Incident Response Team, or Threat Intelligence for the Sr Cyber Threat.

At least one year of hands-on experience with a production security toolset. Experience with an EDR/MDR/XDR, network tapping infrastructure, and security automation is preferred.

Knowledge of security principles is desired through achievement and active pursuit of advanced security certification including CISM or CISSP or equivalent.

Familiarity with at least one programming and scripting languages such as PERL, Python, Ruby, C#, C++, Go, Rust, BASH, and Powershell, as well as open source security tools such as Syslog-NG, SNORT, Cuckoo, etc.

Ability to construct and execute complex database queries using SQL (Structured Query Language), KQL (Kibana Query Language), or eDSL (Elasticsearch Domain Specific Language).

General knowledge of information technology terms, equipment, systems, functions, and major vendors – Information Technology work experience strongly preferred. (Server, endpoint, network, etc..)

Effective interpersonal skills and customer relationship skills.

Effective analytical, problem-solving and decision-making skills.

Project management skills; ability to prioritize and handle multiple tasks and projects concurrently.

Employees must be able to perform the essential functions of the position, with or without an accommodation.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.

MidAmerican Energy Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law. Employees must be able to perform the essential functions of the position, with or without an accommodation.