- Threat Hunter
- Houston, TX, US
- Posted On: 10/04/2018
- Employment Type: Full Time
- Job Class: Information & Tech
The Threat Hunter reports to the Information Security Officer, and while the role has many responsibilities, the primary focus is to protect FLNG systems from criminal activity - specifically breach or ransomware attack. Daily activities will center around detecting and responding to suspicious and/or criminal activity. Carbon Black and Splunk will be your primary tools for hunting. You will also validate security and detective controls through hands-on red team penetration testing exercises on the business and process control networks. Think Metasploit, PowerShell Empire, and custom scripts written by you and members of your team. You'll work with state-of-the-art suspicious activity detection, incident response, penetration testing and forensic technologies, using commercial and open source solutions. You will also receive significant training - both daily hands-on activities and through SANS or other leading cybersecurity training providers.
Essential Functions & Duties/Responsibilities
- Threat Detection & Incident Response: Detect & Eradicate Evil! -- Investigate cybersecurity alerts on both the Business and ICS networks. Perform initial triage, live response, and containment. Determine root cause. Tune false positives. 40% of the team member's time.
- Threat Simulation: Be Evil! -- Perform regular adversary simulation activities which validate that existing security controls can detect threat actor activity including exploitation, credential compromise, lateral movement, or attempts to interact with critical systems and devices. 20% of the team member's time.
- Threat Intelligence: Learn about new Evil! -- Actively track nation-state and cybercriminal actors, including their methods of credential compromise, persistence/deployment, and lateral movement inside Business and ICS networks. Create new watchlists and alerts to detect this activity. 10%
- Technical Writing: Document investigations, findings, prepare formal reports, security requirements, and centrally track incident response activities. Create and update ICS incident playbooks. 5%
- Lab Time: Learn new threat detection, threat simulation, investigation and script building skills. Attend cybersecurity seminars, webinars, and team exercises. 20% of the team member's time.
- Possesses a strong sense of urgency! Finish what you start in a timely manner.
- Demonstrated desire to learn / expand areas of expertise
- Possesses strong analytical and problem-solving skills
- Works well under pressure, remaining focused and calm in the face of distractions and changing priorities
- Possesses strong leadership skills and the ability to work effectively in a team environment
- Possesses excellent interpersonal skills and ability to coordinate and build effective relationships
- Possesses ability to prioritize workload – this role will involve significant multitasking!
- Understanding of Natural Gas/Liquefied Natural Gas/Natural Gas Liquids production, processing, distribution, business and marketing is a plus
- Plant-site experience is a plus
- Experience scripting with PowerShell, shell and Python is a plus
As specified in the FLNG Authority Limits.
Key Relationships within and outside the Company
- Threat Hunter
- Cybersecurity Vulnerability Analyst
- Senior Process Control Network Engineer
- Maintenance System Supervisor
- Network & Infrastructure Director
- VP, Information Technology
- All FLNG IT Personnel
- Preferred Security Vendors, Partners and System Integrators
HSE Roles and Responsibilities
Support the policies, efforts, and programs of Freeport LNG Health, Safety and Environmental Management System. Actively participate in the HSE Management System Policies. Ensure that HSE concerns are given priority in all activities completed within their area of responsibility. Implement routine inspections to ensure safe operating conditions.
Working Conditions & Physical Expectations
- Primarily a typical office environment
- Stand and/or sit continuously and perform job functions for a full shift.
- Ability to move throughout all areas of the facility.
- Able to wear all necessary PPE equipment to perform job functions.
- Physically able to walk, stand, bend, stoop, kneel, reach, twist, lift, push, pull, climb, balance, crouch, handle and move items weighing up to 50 lbs. without assistance.
- Visual acuity corrected to perform job functions.
- Ability to distinguish color to perform job functions.
- Exposure to indoor and outdoor weather conditions.
- Possible exposure to hot, cold, wet, humid or windy weather conditions.
- Exposure to constant or intermittent sounds of a pitch level sufficient to cause marked distraction.
- Exposure to moving mechanical parts and electrical circuits.
Position title and compensation will be commensurate with experience.