McKesson's Global Cyber Threat Hunting Lead will be a member or our global ISRM team leading all threat hunting activities across the Enterprise. You will be responsible for participating in threat actor-based investigations, creating new detection methodologies, and providing expert support to incident response and monitoring functions. Your mission is to timely detect, disrupt, and eradicate threat actors from enterprise networks. To execute this mission, you will use data analysis, threat intelligence, and cutting-edge security technologies. You will support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and collaborate with the Incident Response Team on responding to detected incidents.
Additionally, you will provide guidance to other related organizations on processes and activities to best support the mission.
What you'll do:
* General SIEM monitoring and analysis. * Research, analysis, and response for alerts; including log retrieval and documentation. * Conduct analysis of network traffic and host activity across a wide array of technologies and platforms. * Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. * Compile detailed investigation and analysis reports for internal SOC consumption and delivery to Incident Response and other organizations. * Track threat actors and associated tactics, techniques, and procedures (TTPs). * Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors. * Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs. * Analyze malicious campaigns and evaluate effectiveness of security technologies. * Develop advanced queries and alerts to detect adversary actions. * Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting- edge security technologies. * Assist in the design, evaluation, and implementation of new security technologies. * Assist on investigation efforts into advanced/targeted attacks * Hunt for and identify threat actor groups and their techniques, tools and processes. * Provide expert analytic investigative support of large scale and complex security incidents. * Perform Root Cause Analysis of security incidents for further enhancement of alert catalog. * Continuously improve processes for use across multiple detection sets for more efficient Security Operations. * Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed. * Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc. * Provide analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors.
How we'll help you grow:
You'll have access to technical and management training material to be the subject matter expert.
You'll learn directly from Senior members/leaders in this field.
You'll have the opportunity to work with multiple clients.
Minimum Position Requirements
10+ years of professional experience with relevant cyber security experience in Threat Hunting, IT Security, Incident Response or endpoint/network security with strong knowledge working in a Security Operations Center or in a Threat Hunting team.
We also welcome candidates with strong offensive engineering (Penetration Testing and Red Teaming)
Required Technical and Professional Expertise
Strong analytical and investigation skills & active threat hunting and adversary tracking
Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants
Working knowledge of root causes of malware infections and proactive mitigation.
Working knowledge of lateral movement, footholds, and data exfiltration techniques
Ability (experience with) to mentor and potentially independently lead a team of global Cyber Threat Hunters
Preferred Technical and Professional Expertise
One or more of the following security certifications or equivalent: GDAT (GIAC Defending Advanced Threats), Certified Cyber Threat Hunting Professional (CCTHP), Certified Threat Intelligence Analyst (CTIA),and GIAC Cyber Threat Intelligence (GCTI)
Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts
Recognize complex problems, analyze situations and provide suggested/implemented resolution(s)
Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
Provide leadership and guidance to the team and act as a resource to the team members
Experience with one or more scripting languages
Perform memory analysis and malware analysis
Experience with computer exploitation methodologies
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com . Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!
Internal Number: JR0038365
About McKesson Corporation
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient.