La santé de demain commence par… Relever les défis que personne d’autre ne peut surmonter.

Job Summary

McKesson’s Senior Cyber Threat Hunterwill be a member or our Cyber Investigations & Response Teamexecuting threat hunting activities across the Enterprise. You will be responsible forparticipating in threat actor-based investigations, creating new detection methodologies, and providing expert support to incident response and monitoring functions. Your mission is to timely detect, disrupt, and eradicate threat actors from enterprise networks. To execute this mission, youwill use data analysis, threat intelligence, and cutting-edge security technologies. You will support the security operations by applying analytic and technical skills to investigate possible intrusions, identify malicious activity and potential insider threats, and collaborate with other team members on responding to detected incidents.

Responsibilities

• Execute research, analysis, and response for alerts; including log retrieval and documentation.

• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.

• Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.

• Compile detailed investigation and analysis reports.

• Work with the Cyber Threat Intelligence (CTI) team to assist in tracking threat actors and developing countermeasures in response to those threat actors.

• Analyze malicious campaigns and evaluate effectiveness of security technologies.

• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting- edge security technologies.

• Perform Root Cause Analysis of security events and incidents for further enhancement of processes and detection/prevention strategies.

• Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

Requirements

• 7+ years of relevant cyber security experience in Threat Hunting, IT Security, Incident Response or network security with strong knowledge working in a Security Operations Center, Incident Response team, or Threat Hunting team.

• Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred

• Strong analytical and investigation skills & active threat hunting and adversary tracking.

• Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity

• Working knowledge of lateral movement, footholds, and data exfiltration techniques

• Ability to mentor and potentially independently lead a team of global Cyber Threat Hunters. 

Preferred Technical and Professional Expertise

• One or more of the following security certifications or equivalent: GDAT (GIAC Defending Advanced Threats),Certified Cyber Threat Hunting Professional (CCTHP), Certified Threat Intelligence Analyst (CTIA),andGIAC Cyber Threat Intelligence (GCTI)

• Bachelor’s degree in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, or Information Systems. or equivalent degree is preferred.

• Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts.

• Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.

• Provide leadership and guidance to the team and act as a resource to the team members.

• Experience with one or more scripting languages (e.g., Python, JavaScript, Perl)

• Perform memory analysis and malware analysis

• Experience with computer exploitation methodologies