Senior Cyber Threat Detection Analyst - Lead Threat Hunter

Requisition ID # 163983 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Concord

Department Overview

The Cybersecurity function is led by PG&E’s Senior VP and Chief Information Security Officer and is responsible for cybersecurity and risk management across the organization.

The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Position Summary

Delivers information security services in support of PG&E's enterprise security goals and objectives. Utilizes a variety of commercial and custom tools and processes to provide the information security services. Conducts proactive Intelligence-driven threat hunting, daily sweeps through security tools using customized dashboards, and provides detection recommendations to the engineering team. Produces executive reporting on hunt activities, hunt findings, remediation or mitigation recommendations, security policy updates, and strategic direction to help fix potentially identified control gaps.

This position is for Day-Shift, and as the Threat Hunt Senior will be responsible for providing guidance, driving deliverables and operational metrics, working towards continuous improvement through new processes and collaborations with teams both within and outside of Cybersecurity. 

This position is hybrid, working from your remote office and our Concord office, approximately 3 days per week (Tuesday through Thursday) or more, based on business need. 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. Although we estimate the successful candidate hired into this role will be placed between the entry point and the middle of the range, the decision will be made on a case-by-case basis related to these factors.

This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.

A reasonable salary range is:

Bay Area Minimum: $122,000.00
Bay Area Maximum: $194,000.00

Job Responsibilities

• Perform proactive threat hunting
• Prepare briefs on hunt findings or mitigations and remediations for senior management
• Research and write in-depth reports and advisories on security risks, security control gaps, SIEM rule enhancements and additions, and misconfigured infrastructure or tools
• Maintain knowledge of adversary activities, including intrusion tactics, attack techniques and operational procedures.
• Investigate and respond to potential cybersecurity incidents discovered while hunting and assist Incident Response team as needed, including after escalation
• Analysis of security event logs from a variety of sources
• Ability to analyze malware/exploits through forensics, observation of network traffic and using packet capture or other tools and resources to determine if PG&E systems are vulnerable or exploited
• Documentation of analysis, including summarization for executive review
• Effectively prioritize multiple high-visibility work streams and coordinate resources
• Provide subject matter expertise on security analysis services, tools, processes, and procedures, mentoring junior team members, and improving services
• May help coach less experienced employees
• Use intelligence feeds and OSINT to maintain situational awareness to identify, track, and monitor emerging security threats and trends regarding threats to PG&E, the utility industry and US critical infrastructure
• Identifies and makes recommendations for improvements to current security services, tools, processes, and procedures
• Drive continuous improvement initiatives and processes in order to improve team efficacy and efficiency
• Collaborate with teams within the SIOC, cybersecurity as a whole, IT as a whole, and the multiple lines of business we interact with
• Work cross-functionally to recommend, facilitate, and test security control improvements

• Share on-call responsibility outside of business hours, onsite and remote

Qualifications

Minimum:

• High School or GED-General Educational Development-GED Diploma
• 4 years experience in IT-Information Technology security, multi-platform, or job-related experience

Desired:

• Bachelors Degree in Computer Science or job-related discipline or equivalent work experience
• Basic scripting skills
• Knowledge of MITRE ATT&CK Enterprise Matrix
• Knowledge of all layers of the OSI stack.
• Industry standard cybersecurity certifications. For instance, certifications from SANS, CompTIA, and ISC2
• Previous experience supporting cyber defense analysis of Operational Technology (OT) Networks, including Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN).
• Formal IT Security/Network Certification, such as WCNA, CompTIA Network+ and Security +, Cisco CCNA, GIAC GCIH, GMON, GCFA, GCFE, GREM, GICSP, GRID, or other relevant certifications
• Utility Industry experience
• Technical knowledge of operating systems (e.g., UNIX, Windows).
• Experience with compliance standards: NERC-CIP, SOX, TSA
• Previous experience working with various SIEM, EDR, and digital forensic technologies
• Experience with scripting in Python, PowerShell
• Malware reverse engineering skills

#featuredjob