TripAdvisor’s next generation SOC features a dedicated Threat Hunting team designed to proactively detect advanced threats that evade traditional security solutions. Threat hunting uses both manual and machine-assisted capabilities, and aims to find the Tactics, Techniques and Procedures (TTPs) of advanced adversaries. The candidate must have a curious, investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences. The Threat Hunter will be a key member of the SOC team, responsible for participating in threat-actor-based investigations and internal red team activities, creating new detection methodology, and providing expert support to incident response and monitoring functions. The focus of the Threat Hunter will be to use data analysis, threat intelligence, open source intelligence, and cutting-edge security technologies to develop and execute hunting processes (manual and automated) that identify threats to TripAdvisor and enable quick response to real threats.

Role:

  • The Security Operations Center (SOC) Security Analyst serves on the SOC team and is responsible for conducting information security investigations arising from security incidents identified by the Level-1 security analysts, who monitor the security consoles fed by the various SOC entry channels (SIEM, tickets, email and phone). You will analyze Information Security Events received from Managed Security Service (MSS) partners, internal tools, and stakeholders; determine whether each is a true or false positive; and execute the appropriate response procedures.
  • Utilize intelligence to identify risk as well as execute best practices to mitigate or remediate those risks.
  • The SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts, encryption protocols, and networking protocols.
  • Develop tools and techniques to act as a red team member within our organization.
  • Provide guidance and oversight on incident resolution and containment techniques.

Job Description:

  • Conduct information security investigations arising from security incidents identified by the Level-1 security analysts, who monitor the security consoles fed by the various SOC entry channels (SIEM, tickets, email and phone). Act as the point of escalation for Level-1 SOC security analysts during information security investigations, providing guidance and oversight on incident resolution and containment techniques.
  • Act as the lead coordinator for individual information security incidents.
  • Execute red team activities to identify risks not found by existing security tools.
  • Define, create and maintain SIEM correlation rules, customer build documents, and security processes and procedures. Follow ITIL practices for incident, problem and change management.
  • Automate manual processes to improve the efficiency and accuracy of investigations.
  • Stay up to date with emerging security threats, including applicable regulatory security requirements.
  • Mentor security analysts on risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of the technologies managed by the Security Operations Center.
  • Document incidents from initial detection through final resolution.
  • Participate in security incident management and vulnerability management processes.
  • Lead internal threat hunting, unintended-threat hunting and deception activities.
  • Coordinate with IT teams on escalations, tracking, performance issues, and outages.
  • Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
  • Communicate effectively with customers, teammates, and management.
  • Provide recommendations for tuning and optimizing security systems and SOC security processes, procedures and policies.

Skills Required:

  • Bachelor's Degree / Diploma or equivalent experience in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering.
  • Excellent written and verbal English skills. Information security professional certifications such as CISSP, CISM, CISA, GSEC or CEH are preferred.
  • 3-5 years of previous Security Operations Center experience conducting security investigations.
  • Proficient with AWS security best practices and log collection.
  • Able to turn manual processes into automated scripts using Python, Java, or similar languages.
  • Security monitoring experience with one or more SIEM technologies - ELK, IBM QRadar, LogRhythm, Splunk.
  • Demonstrated skills in digital investigations, including computer forensics, network forensics, malware analysis and memory analysis.
  • Ability to analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions about past and future security incidents.
  • Strong understanding of networking protocols and basic networking concepts.
  • Self-starter who works independently and adjusts to changing priorities; a critical and strategic thinker, negotiator and consensus builder.
  • Strong knowledge of IT including multiple operating systems and system administration skills (Windows, Linux, Mac).
  • Strong understanding of security incident management, malware management and vulnerability management processes.


Demographics

Individuals seeking employment at TripAdvisor are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any characteristic protected by law. TripAdvisor is committed to creating an inclusive culture. If you choose to share this information, it will allow us to track the effectiveness of our recruiting efforts and to monitor the diversity of our applicant pool for all roles and levels.