Senior Cyber Threat Hunting Analyst

Sorry, this job was removed at 11:05 a.m. (CST) on Wednesday, July 17, 2019

CLEAR makes life easier and more secure by using biometrics – your fingerprints, eyes and face – to confirm that you are you, and keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check in at the doctor’s office, access your office building, and more – without ever pulling out your wallet or phone. Now in 45+ airports and other venues nationwide, you are your ID, credit card, ticket, reservation and more with CLEAR.

We’re defining and leading an entirely new industry, moving quickly with data-informed decisions, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List and winner of the SXSW Interactive Innovation Award, we’re working tirelessly to create frictionless customer experiences for our 3+ million members across the country.

We are looking for a Senior Threat Hunting Analyst to join our team. The ideal candidate has a strong drive to solve security challenges and the desire to implement best-in-class security measures using cutting edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a scaling environment.

What You Will Do:

  • Support the incident response team with advanced analysis on request, including independent analysis of security events and recommendations for containment and remediation.
  • Implement new detection capabilities and improve upon existing security tools.
  • Review audit logs and identify suspicious behavior.
  • Create and disseminate summary reports, investigation reports, and threat briefs.
  • Recommend remediation activities to secure the source or initial point of access of an intrusion.
  • Provide cyber threat intelligence collection and correlation in coordination with a cyber-threat team.
  • Profile and track APT actors that pose a threat, in coordination with threat intelligence support teams.
  • Provide targeted attack detection and analysis, including the development of custom signatures, log queries and analytics for the identification of targeted attacks.
  • Develop and execute custom scripts to identify host-based indicators of compromise. Determine the scope of an intrusion, identifying the initial point of access or source.
  • Provide executive-level cyber security strategic recommendations, along with security engineering recommendations and custom solutions to counter adversarial activity.
  • Develop analytics to correlate IOCs and maximize threat detection capabilities based on defense analysis processes. Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.
  • Track threat actors and their associated tactics, techniques, and procedures (TTPs). Capture intelligence on threat actor TTPs and develop countermeasures in response.
  • Analyze network traffic, IDS/IPS/DLP events, packet captures, firewall logs and malicious campaigns, and evaluate the effectiveness of security technologies.
  • Provide expert analytic and investigative support for large-scale and complex security incidents.
  • Perform root cause analysis of security incidents to further enhance the alert catalog. Review alerts generated by detection infrastructure for false positives and tune alerts as needed.
  • Provide forensic analysis of network packet captures, DNS, proxy, VPC flow, malware, host-based security and application logs, as well as logs from various types of security sensors.

Who You Are:

  • Bachelor’s degree in Computer Science, Information Systems Management, Engineering or a related field.
  • 4+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using a SIEM, and malware triage.
  • Experience with packet analysis and the use of deep packet inspection toolsets.
  • Knowledge of and experience working with the Cyber Kill Chain model, the Diamond Model or the MITRE ATT&CK matrix.
  • Familiarity with EDR, SOAR and anomaly detection solutions.
  • Experience with Splunk and Splunk Enterprise Security.
  • Strong scripting skills for automation, in languages such as Python, PowerShell and Bash.
  • Experience with Security Operations.
  • A working understanding of cloud security, mobile security and container security.
  • Experience with APT/crimeware ecosystems.


Location

We are in the heart of Downtown Austin near restaurants, bars, + so much more! Amenities include a rooftop patio, new lounges, and an attached garage.
