ORBIA Incident Response Analyst/Cyber Threat Hunter (REMOTE)

Orbia Advance Corporation is a Purpose-led company with big aspirations. We are out to advance life around the world while maximizing value to our shareholders, customers and employees. The Company is passionate about the topics that define how people will live and thrive tomorrow: the future of cities, buildings, agriculture, and materials. Orbia Advance Corporation has five business groups which offer innovative solutions across multiple industries including building and infrastructure, data communications, chemicals and more. In 2018, Orbia Advance Corporation bought a majority stake in Israeli-based Netafim, the world’s leader in drip irrigation, and is helping the world ‘grow more with less’ as it helps to solve food and water scarcity. Orbia Advance Corporation has operations in 41 countries with more than 22,000 employees.

We started as a producer of commodities and have evolved to become a provider of innovative solutions that address the global issues of rapid urbanization, water and food scarcity, and a growing and aging population. We’re already a global leader in Polymers, Fluor, Building & Infrastructure, Datacom, and Precision Irrigation. We have embarked on a CEO-led transformation, as part of our journey to become a truly purpose-led, future fit company.

ORBIA Incident Response Analyst/Cyber Threat Hunter

MAIN PURPOSE

The Incident Response Analyst/Cyber Threat Hunter is a senior technical analyst role positioned in the Orbia global SOC team, responsible for Tier 3 incident response and proactive cyber threat hunting. This role will work closely with counterparts in our Managed Security Service Provider to conduct in-depth investigations, contextualize incidents with Orbia-internal information, and drive containment and response actions with Orbia IT teams. The Incident Response Analyst will provide technical leadership and direction during the duration of a security incident, leveraging all available detection and response toolsuites within Orbia, including SIEM, EDR/XDR, email security, DNS filtering, and network security appliances, to analyze malicious artifacts and assist with forensic investigations.

Additionally, this role will conduct proactive threat hunting, leveraging internal and external data sources and intelligence feeds to discover new threat vectors and analyze threat actor tactics, techniques, and procedures. This role will drive hunt initiatives, analyzing complex data sets and log data to detect advanced threats in Orbia’s network using knowledge of the current threat landscape and threat actor targets and TTPs. This role will help to identify gaps in Orbia’s detection, prevention and response capabilities and propose strategies to correct those gaps, including developing new detection content and proposing engineering/architecture considerations. Where possible, this role will leverage scripting, tools, and techniques to automate repetitive hunt tasks.

This role will be a key technical leader and a trusted advisor in incident handling, providing both proactive outreach and reactive security support to business group resolver teams. On a day-to-day basis, this role will work closely with the Cyber Threat Operations team as well as with Orbia’s business groups, service and product vendors, IT leaders, and Security Engineering/Architecture leaders. Upon declaration of a possible cyber crisis, this role will play a key part of Orbia’s overall Cyber Crisis Command structure, working closely with the crisis command team to drive remediation actions and resiliency.

MAIN RESPONSIBILITIES

• Provide technical leadership for the cyber threat detection and incident response program within Orbia.

• Analyze security incidents identified by our external service providers and contextualize with Orbia-internal information. Validate whether the incident is a true/false positive and provide feedback to drive service provider improvement.

• Support system owners with incident ticket resolution, including leading investigations, containment actions, and response/remediation steps.

• Assist with development of common runbooks for the most frequent or critical incident types.

• Analyze the root cause of recurring incidents and recommend and implement strategies to prevent recurrence in the future. Work with service providers on tuning false positives so as to ensure the most effective use of Orbia’s resources.

• Interface with IT stakeholders in each of Orbia’s business groups and at the corporate level and serve as an escalation point to drive incident response and remediation.

• Liaise when necessary with external incident response providers to perform digital forensics, malware analysis, and recovery operations.

• Proactively research the current cyber threat landscape, cyber threat trends, threat actors/groups, and exploit campaigns. Leverage deep technical and subject matter expertise to drive development of new detection content to ensure Orbia has enterprise visibility into current threats.

• Conduct threat hunting operations within Orbia’s environment. Analyze all available detection toolsets and leverage current threat intelligence to identify and respond to advanced cyber threats within Orbia’s environment.

• Track and document threat hunt hypotheses based on threat actor tactics, techniques, and procedures. Where possible, leverage scripting abilities to automate repeated hunt tasks. Build and iterate on a cyber threat hunting lifecycle.

• Report on threat hunt findings, including documenting recommendations for improving Orbia’s security posture and detection/prevention controls.

• Validate security control coverage against new or emerging cyber threats. Contribute to engineering initiatives to operationalize cyber threat intelligence sources within Orbia’s detection toolsuites.

• Collaborate with others within the cyber threat operations team, working closely with peers in vulnerability management, penetration testing and red/blue team exercises, and crisis command and resiliency.

• Consider and recommend new tools, processes, or strategies to enhance Orbia’s incident management workflow and increase efficiencies.

• Upon cyber crisis command plan initiation, assume a key technical role in coordinating response, remediation, and resiliency.

KNOWLEDGE REQUIRED

- Familiarity with relevant regulations, such as SOX, GDPR / data privacy, PCI-DSS, etc.

- Relevant security certifications (e.g. CISSP, GCIH, GCIA, CEH, etc.)

- Knowledge of relevant frameworks, including Cyber Kill Chain and MITRE ATT&CK

- Deep technical knowledge of security solutions and architecture principles and processes

- Knowledge of scripting/programming languages, such as Python

- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

- Demonstrable understanding of cyber threat hunting principles, including threat actor groups and tactics/techniques/procedures

- Familiarity with Operational Technology (OT)/ICS/SCADA environments

- Excellent analytical and problem-solving skills

- Ability to build strong partnerships in a matrixed environment

- Excellent verbal and written communication skills, including the ability to translate complex technical subjects for non-technical audiences

- Ability to learn, grow and take on expanded duties as business needs evolve

- Excellent leadership skills and the ability to communicate and influence at all levels and inspire through leadership to develop individuals and teams

- Bachelor’s degree required. Master’s degree in Computer Science, Engineering or Business preferred

- Superb judgment and integrity, including excellent decision-making skills and a sense of urgency

EXPERIENCE REQUIRED

- 7+ years of experience in one or more of the following areas: Information Security, Security Operations, Digital Forensics/Incident Response, Cyber Threat Hunting, or Cyber Threat Intelligence

- Preferred: 5+ years of experience working directly in a Security Operations Center

- Knowledge/experience with common threat detection tools, such as SIEM, EDR/XDR, IDS/IPS, and firewalls in a large enterprise environment

- Knowledge/experience with other types of security operations tools, such as vulnerability scanners, PCAP tools, and malware sandbox/reverse engineering tools

- Knowledge/experience with forensic investigations, malware analysis, and incident response

- Deep technical experience with the incident management lifecycle and incident analysis techniques

- Experience in proactive threat hunting based on tactics, techniques, and procedures

- Experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and application security

Our Global brands: Dura-Line, Koura Global, Vestolit, Netafim, Alphagary, Wavin.

They offer a broad range of value-added solutions and finished products that contribute to customers’ success and ultimately improve the quality of life for people around the world. Along with its commitment to good citizenship, Orbia Advance Corporation delivers Total Value to customers, employees and investors worldwide, every day.

Boston, MA, US, 02101