Senior Threat Intelligence and Threat Hunting Analyst

Overview

Come join us at Con Edison! We are actively seeking highly skilled and motivated Cybersecurity Engineers to become integral members of our growing Advanced Cyber Defense team. This senior role offers a unique opportunity to significantly enhance our threat intelligence, threat hunting, and detection engineering programs. You'll play a pivotal role in helping us stay ahead of emerging threats and ensuring the security of our systems. If you're passionate about cybersecurity and eager to make a substantial impact, Con Edison is the place for you. Join us and be part of a dynamic team dedicated to safeguarding our digital future.

- Gather, process, and analyze threat data from different sources to create actionable threat intelligence.

- Create and deliver in-depth threat intelligence and threat landscape reports, briefings, and presentations tailored for both technical and non-technical stakeholders.

- Provide situational awareness updates to senior leadership on high-priority threats and geopolitical developments impacting cybersecurity.

- Create and maintain threat profiles for key adversaries targeting the organization or sector.

- Manage a threat intelligence platform (TIP) and ensure proper integration with SIEM, SOAR, and other security tools.

- Manage the assessment and follow-up of third-party security incidents or compromises.

- Design and perform threat hunts and purple team exercises to identify malicious activity, misconfigurations, and visibility gap.

- Help create and maintain detection content, new alerts, dashboards, documentation, playbooks, guidelines, and metric.

- Design, implement, and maintain automated workflows for threat intelligence and threat hunting workflows.

- Serve as a Tier 3 escalation point for the Cybersecurity Operations Center (CSOC) and major Incident Response.

- Evaluate and recommend new tools and technologies to enhance capabilities.

Qualifications

Required Education/Experience

- Master's Degree in Computer Science, Cybersecurity, or other related area and 2 years of relevant work experience.

- Bachelor's Degree in Computer Science, Cybersecurity, or other related area and 3 years of relevant work experience.

- Associate's Degree in Computer Science, Cybersecurity, or other related area and 4 years of relevant work experience.

- High School Diploma/GED and 5 years of relevant work experience.

Relevant Work Experience

- Experience in threat intelligence, threat hunting, detection engineering, or a related cybersecurity role, required.

- Possess a deep understanding of cyber threat intelligence and threat hunting frameworks, methodologies, and approaches, required.

- Familiarity with threat intelligence tools and platforms (e.g., TIP, Shodan, VirusTotal) required.

- Strong experience in analyzing IOCs, TTPs, user logs, host logs, network logs, and/or PCAPs to detect malicious activity, required.

- Strong understanding of the MITRE ATT&CK Framework, preferred.

- Strong understanding of Incident Management and Incident Response frameworks, preferred.

- Strong knowledge in Splunk Enterprise Security and Splunk SOAR, preferred.

- Experience using Microsoft Sentinel and KQL, preferred.

- Strong programming experience with Python or a similar language, preferred.

- Knowledge of digital forensics and investigation techniques, particularly on Windows and Linux, preferred.

- Knowledge on cloud security and cloud architecture best practices, preferred.

- OT/ICS Security knowledge, preferred.

Skills and Abilities

- Possesses strong technical aptitude

- Excellent collaboration and team building skills

- Strong verbal communication and listening skills

- Demonstrated written communication skills

- Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

- Driver's License Required

- Other: Technical certifications (e.g. CISSP, CISM, CIPP, etc.) Preferred

Additional Physical Demands

- The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

- Must be able and willing to travel within Company service territory, as needed.

- Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required.