PepsiCo is one of the world's leading food and beverage companies with products sold in more than 200 countries and territories around the world. PepsiCo is expanding its Global Information Security team, including the Cyber Fusion Center, in aWarsaw Poland. The Information Security team in Warsaw, established in 2015, is growing and expanding global capabilities to protect PepsiCo and enable the business securely.
That is why we are looking for cyber security professional to join our very exciting journey to manage cyber security risks for PepsiCo and all our partners around the world:
Threat Hunter Associate Specialist
The Threat Hunter will be a key member of the PepsiCo Cyber Fusion Center (CFC) responsible for participating in threat actor based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions. To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
You will be dedicated to:
- Research and uncovering the unknown about cyber security threats and threat actors.
- Hunt for and identify threat actors by analyzing and researching the techniques, tools and processes used by threat actors.
- Participate in "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the PepsiCo network.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, as well as logs from various types of security sensors, applications and operating systems.
- Perform analysis of security incidents & threat actors for further enhancement of Detection Catalog and Hunt missions by leveraging the MITRE ATT&CK framework
- Document best practices with the CFC staff using available collaboration tools and workspaces.
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
To qualify for the role you must have:
- 6+ years overall IT Infrastructure experience
- 3+ years of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
- Experience with several of the following topics:
- Malware analysis & reverse engineering
- APT/crimeware ecosystems
- Log management/SIEM
- Software vulnerabilities & exploitation
- Scripting & automation
- Data analytics/science
- Security engineering
- Red Team/Penetration testing
- IT architecture & infrastructure design
It would be perfect to have:
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly-effective in the role. These skills and competencies include:
- Demonstrated strong knowledge of Linux/UNIX & Windows operating systems
- Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building
- Experience with Snort, Bro or other network intrusion detection tools
- Detailed understanding of the TCP/IP networking stack & network technologies
- Working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.)
- Nominal understanding of regular expression and at least one common scripting language (PERL, Python, Powershell)
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills
- Global position in a highly skilled, multinational team
- The opportunity to contribute to enterprise wide projects in an iconic, leading manufacturing company
- Learning and development possibilities
- Brand new office located downtown
- Private medical care and insurance
- Multisport card