Principal Threat Hunter and Intel Analyst

Full Job Description

We have a wide variety of career opportunities around the world — come find yours.

Cyber Defense

The United Cyber Defense team is responsible for defending United’s massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions. The Cyber Threat Intelligence team under the Cyber Defense organization is a highly technical intelligence team that provides both proactive external and internal identification, reporting, and response to threats and risk that may impact United’s digital ecosystem and assets.

Job overview and responsibilities

The Principal Threat Hunter and Intelligence Analyst is a highly technical hybrid role that will work to develop established methodologies and processes to perform a variety of cyber intel and threat hunting related activities for United. This role will work to proactively identify intelligence related to threat actor methodologies and observables, hunt for threat actor activity, collect, manage, analyze, and disseminate cyber intel, and much more. This is not your average intelligence analysis role. This role is expected to be highly technical and cross functional, and to require high visibility communications and coordination across multiple teams. This role will report to the Director of Cyber Intelligence and Enterprise Vulnerability Management.

  • Lead and provide input into the development of United’s Threat Intelligence and Hunt program
  • Proactively identify intelligence to create both raw and finished intelligence products, reporting and ingestion into detection controls
  • Lead the intelligence needs of cross-functional response efforts for proactive hunting engagements
  • Lead and take ownership of cross functional intelligence projects that will enable continuous maturation of the Cyber Threat Intelligence program
  • Conduct and lead intelligence analysis and hunt missions as an individual analyst and cooperatively with Cyber Defense team leads
  • Map vulnerabilities to threats and identify risk to United’s attack surface and provide recommendations for attack surface reduction
  • Develop and update threat intelligence and hunt playbooks
  • Ensure up to date intelligence collection, management, analysis, and dissemination frameworks exist and are followed
  • Clearly and concisely document and communicate findings for all efforts to include risk to United’s information systems and assets
  • Work with external stakeholders such as law enforcement, cyber insurers, lawyers and more, as needed
  • Refine interlocks between internal and external stakeholders and ensure those interlocks remain in working order and are tested over time

Required

  • Bachelor’s degree or equivalent experience
  • 8+ years of enterprise-level cyber intelligence experience and threat hunting experience
  • Excellent communication skills and technical acumen
  • High energy and team player
  • Experience with threat intelligence and incident response tools such as TIP, SIEM, link analysis visualization tools, Excel, and other data analytics and visualization platforms
  • Experience with large volume data analytics and analysis a plus
  • Experience conducting OSINT cyber threat intelligence collection and analysis for commercial organizations
  • Industry certifications such as the OSCP, CISSP, CISM, CISA, GCIH, CFCE, GCFA, and/or GCFE
  • Expert level understanding of all aspects of the interconnected Intel-Detect-Analyze-Respond ecosystem, to include Communication, Legal, Public Relations, Cyber Insurance, IR Plans, IR Playbooks, Forensics, War Gaming, Threat Hunting, Detection Technologies, Intelligence, Attack Lifecycles, and much more, is required
  • Demonstrated a high sense of urgency with strong pragmatic problem-solving skills and the ability to identify, analyze, and resolve problems
  • Lead cross-functional response to drive initiatives to completion
  • Successfully prevented, managed, and mitigated cybersecurity events and incidents at all levels and cross functionally, preferably in large and complex business environments
  • Demonstrated ability to map technical findings to business impacts and communicate the findings and risks in a manner which is understandable by technical and non-technical audiences
  • Work with executives to enhance cybersecurity programs, incident response and other activities
  • Work with law enforcement, regulators, lawyers and/or other external organizations
  • Achieved objectives by contributing information and recommendations to strategic plans, identifying trends, and driving change
  • Build relationships with stakeholders across all levels and all parts of the organization
  • Must be legally authorized to work in the United States for any employer without sponsorship
  • Successful completion of interview required to meet job qualification
  • Reliable, punctual attendance is an essential function of the position

Preferred

  • Master’s degree
  • Active Security Clearance
  • Experience with threat intelligence and hunting related data science and analytic techniques and platforms
  • Scripting and programming experience
  • Experience with Incident Response, Vulnerability Management, or Red Team operations

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT
