Are you an experienced information security professional with high-impact leadership skills? Are you seeking a challenge within a growing business? As a threat hunt and intelligence lead, you will be a key member of the Information Security Operations team. This new role within the recently transformed Information Security team will be critical to the performance of Commonwealth’s operational capabilities. You will be defending our infrastructure as well as the security and privacy of the clients that we serve. A key function of this role is to help identify and aggressively pursue potential infrastructure security threats. You will work collaboratively with the Information Security team to ensure that solutions and services are designed and adopted effectively.
Our vision is to be recognized as a leading information security function within the financial sector. We strive to be a trusted partner who exceeds expectations by delivering indispensable and reliable services to our advisors, customers, and communities.
- Hunting actively for indicators of compromise (IOC) and APT tactics, techniques, and procedures (TTP) in the network and in the host, as necessary
- Searching network flow, PCAP, logs, and sensors for evidence of cyberattack patterns, and hunting for advanced persistent threats (APT)
- Creating detailed incident reports and contributing to education in collaboration with the appropriate team
- Collaborating with the security operations center (SOC) and analysts to contain and investigate major incidents
- Providing simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
- Working with leadership and the engineering team to improve and expand available tool sets
- Analyzing network perimeter data, flow, packet filtering, firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
- Monitoring open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs
- Performing scoped and open-ended vulnerability assessments on internal and external-facing systems
- Proactively analyzing and reviewing external threat intelligence reports and determining relevance for Commonwealth and our stakeholders by evaluating content for future mitigation or detection
- Producing actionable intelligence in the form of alerts, reports, and briefings
- Attending and contributing to regular meetings with internal teams and external threat intelligence partners and vendors to maintain a common operating picture of the security threat landscape
- Using premium threat intelligence tooling to enrich indicators of compromise and pivot to additional threat-related infrastructure and tooling
- Experience with securing and hardening IT infrastructure
- Demonstrated or advanced experience with computer networking and operating systems
- Experience with operational security, including SOC, incident response, malware analysis, and IDS/IPS analyses
- Ability to analyze malware, extract indicators, and create signatures in YARA, Snort, and IOCs
- Strong analytical skills and the ability to effectively research, write, communicate, and brief to varying levels of audiences, including at the executive level
- Strong knowledge of the current state of security adversary tactics and trends
- Experience with and understanding of Splunk search language, search techniques, alerts, dashboards, and report building
Additional skills and knowledge
- Bachelor’s degree in information systems or a related discipline, or equivalent training
- 5+ years of related work experience in a threat hunt or penetration testing role
- Understanding of the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (e.g., SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)
- Active Top Secret with the ability to obtain an SCI
- Certifications desired: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP certification
- Demonstrated proficiency with regular expressions and scripting languages, including Python or PowerShell
- Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or Azure
- Familiarity with NetFlow data, DNS logs, proxy logs
- Experience with network hunting, including Bro Logs, NetFlow, PCAP, or Palo Alto firewalls
- Knowledge of Windows and Linux operating systems and command line
- Knowledge of the TCP/IP networking stack and network IDS technologies
Have we piqued your curiosity? Can you see yourself thriving in this opportunity? Let’s introduce ourselves.
Picture Yourself Here
Imagine keeping company with big thinkers and even bigger doers who share a common purpose to make a profound difference. Figure in an experience-it-to-believe-it culture, massive growth potential, and benefits galore, and you get the full impression.
We are committed to providing a supportive, equitable environment where you can bring your full, authentic self to your work every day and truly thrive in meaningful ways—personally and professionally. At Commonwealth, everyone plays a part in our success story. And in building a more diverse and inclusive workplace, we are broadening our perspectives and capabilities. Together, our potential is limitless. Come join us on the pathway to a brighter future!
Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. J.D. Power ranks Commonwealth “#1 in Independent Advisor Satisfaction Among Financial Investment Firms, Eight Times in a Row.” Privately held since 1979, the firm has headquarters in Waltham, Massachusetts, and San Diego, California.
Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, so our employees genuinely enjoy coming to work. Our refreshing workplace culture has earned us 43 Best Place to Work awards—and counting.
The Fine Print
We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.
Commonwealth is an equal opportunity employer, making intentional efforts to source the very best talent from all backgrounds.