Information Security Incident Response Threat Hunter
Gap Inc. is changing the future of retail and reimagining how people shop and engage with our brands. Our obsession with delighting customers and our commitment to deliver fully on those experiences is what sets us apart.
We are diversifying our teams and our talent globally, and expanding our talent.
Summary: The Systems Engineer II (Incident Response Threat Hunter) works as a member of the Gap Inc. Cyber Defense Center team within the Information Security organization and is responsible for Incident Response threat hunting and Incident Response support on escalated security events.
- Hunt for and identify threat actor groups and their techniques, tools, and processes
- Participate in Hunt missions using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors
- Maintain current knowledge of tools and best practices relating to advanced persistent threats and the Tactics, Techniques and Procedures (TTPs) of attackers
- Develop Threat Hunting dashboards and reports to identify potential threats, suspicious/anomalous activity, and malware
- Identify malicious or anomalous activity based on event data from Firewalls, WAF, IPS, HIPS, Anti-Virus, and other sources
- Perform deep dive analysis by correlating data from various sources
- Provide expert analytic investigative support for critical Incident Response security incidents
- Act as an escalation support for Incident Response SOC on critical security events
- This position requires the ability to work shift schedules and an on-call rotation
- Bachelor's degree in Computer Science, Information Systems, or a related technical field preferred
- Minimum of 4-6 years of experience in Information Security Incident Response and Cyber Threat Hunting
- Proven track record of successful, innovative hunts completed in a timely manner
- Thorough understanding of how to detect lateral movement within a network, and the ability to think outside the box to discover the signal within the noise
- Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
- Proven success working across organizational and geographic boundaries
- Familiarity with security tools such as Palo Alto IPS, Cylance, and Symantec
- Experience performing malware analysis
- Experience using the Carbon Black process tree for threat hunting
- Experience using the Splunk SIEM effectively to triage events, including Splunk search capabilities
- Strong background in Incident Response and Threat Hunting, including IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques and Procedures)
- Strong knowledge of TCP/IP, cryptographic protocols and algorithms, and operating system (macOS/Linux/Windows) internals and operations
- Deep understanding of common attack vectors: DDoS attacks, phishing, web attacks, and malware
Nice to have:
- Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
- Experience in user behavior analytics tools and investigation