Cyber Threat Intelligence - Threat Hunter
Charles Schwab
3 months ago
Phoenix, AZ, United States
Hybrid
Full-time
Junior Level (1-3 years)
Job Description
Position Overview
Charles Schwab's Cybersecurity Operations organization is seeking a Cyber Threat Hunter within the Threat Intelligence team. The selected candidate will focus on identifying threats to Schwab and analyzing threats to our organization's core assets. Threat Intelligence team members are tasked with developing relationships both internally and externally, identifying trends, educating employees, studying attacker TTPs, and providing proactive defense measures and models to other teams.
Key Responsibilities
- Play a critical role in analyzing disparate information and synthesizing it into relevant, actionable intelligence.
- Deliver accurate, timely and professional intelligence products.
- Support investigative efforts within the Cyber Defense organization.
- Engage with others both internally and externally to protect the company's critical assets.
- Interface with peer departments across the firm.
- Build positive and productive relationships with the business and technology.
- Securely share actionable intelligence internally and externally while maintaining TLP.
- Conduct threat hunting to identify, prioritize, classify, and report on cyber threats following industry best practices.
- Collect, process, catalog, and document threat information and regularly provide expert analysis through curated intelligence briefings.
- Participate in developing and executing an effective strategy to assess and mitigate foreign and domestic risk, manage crises and incidents, and safeguard the organization.
- Direct and assist team resources in identifying, developing, implementing, and maintaining security processes, practices, and policies throughout the organization.
- Ensure the organization's compliance with local, national, and international regulatory environments.
- Contribute to advancing the organization's global security intelligence program, focusing on actionable data to proactively protect the company, employees, and assets.
- Influence cross-organizational teams.
Required Qualifications
- Minimum of 3 years of experience in Threat Hunting, Information Security, Enterprise Security Monitoring & response, Security Orchestration and Automation, Information Technology, Penetration Testing, Threat Intelligence, Security Architecture/Design Strategy, System Analysis and Implementation, or related function.
- BS in Computer Science (or related field) or equivalent work experience.
- Knowledge of how advanced adversaries operate, their TTPs and malware families.
- Scripting or programming experience for automating processes.
- Experience in the consumption, processing, and analysis of tactical Cyber Threat Intelligence within an operational environment.
- Understanding of NIST and the MITRE ATT&CK framework.
- Experience with varied technologies including SOAR, SIEM, cloud-based security platforms, and data analysis tools.
Preferred Qualifications
- Experience in monitoring OSINT (Open-Source Intelligence), SOCMINT (Social Media Intelligence), and internal intelligence resources for known and emerging security threats.
- Develop and manage relationships with high-level law enforcement officials and international counterparts.
- Experience with any public cloud (AWS/GCP/Azure).
- Experience with reporting/visualization of metrics, establishing and maintaining standards, processes, and procedures.
Required Skills
MITRE ATT&CK Framework
Cloud Security
Security Policy Development
Scripting and Automation
OSINT/SOCMINT Analysis
Threat Hunting
NIST Compliance
Data Analysis
SIEM
Cyber Threat Intelligence
Incident Response
SOAR