Job Title: Information Security Analyst Sr. Lead - Threat Hunter
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, LLC
**This position is based out of The Woodlands, TX, New Orleans, LA, Little Rock, AR or Jackson, MS. Those outside of these areas would be required to relocate. Relocation assistance and sponsorship is not available for this posting.
Job Summary/Purpose:**
The Cyber Threat Hunter will work proactively to detect and respond to advanced threats that evade traditional and modern security tools. Threat Hunters will leverage threat intelligence, behavioral analytics, advanced threat detection, artificial intelligence (AI) and Agentic AI tools to uncover hidden risks and ensure the security of our systems and data
The Cyber Threat Hunter will coordinate the results of threat hunts with the Entergy Consolidated Security Operations Center (CSOC) which is responsible for preventing, identifying, containing and eradicating threats through monitoring, intrusion detection and preventive measures to assets including LAN/WAN, IT-OT and cloud infrastructure. The CSOC is responsible for continuous improvement to detection of threats, rapid response, and reports of suspected or confirmed security incidents.
The role will report to the Manager of the CSOC and will manage day-to-day tasks as noted below, with additional projects as they arise. We are looking for a skilled information security professional having the experience in identifying, isolating and resolving advanced threats within the organization. The threat hunter will play a prominent role in combating threats using foundational and advanced detection techniques, use automation to perform threat hunts across environments as well as implement deception capabilities. This position will actively search for vulnerabilities and uncover system and software flaws in order to help to mitigate risks that could affect the organization. The Information Security Analyst Sr Lead will be responsible for assisting in investigating and responding to more advanced security incidents, understanding, and mitigating attack vectors, leveraging agentic AI tools for operations and staying abreast of the evolving threat landscape.
This is a hybrid position that can be filled in The Woodlands, TX, Little Rock, AR, Jackson, MS, New Orleans, LA.
Primary Responsibilities *: *
Create threat models to better understand the Entergy IT enterprise, identify gaps to improve defensive controls, expand offensive security capabilities and prioritize mitigations
Utilize Threat Models along with Threat Intelligence to create threat hypothesis
Build hypothesis, execute automated hunting techniques, gather and analyze results, perform forensic activities, deliver reports
Orchestrate AI agents to perform threat hunts
Run and manage security controls for AI systems within threat hunting operations
Develop and maintain work instructions, SOPs, playbooks, system workflows
Assist in expanding and maintaining the Forensics program
Proactively and iteratively search through systems and networks to detect advanced threats
Analyze network, host, and application logs
Analyze malware and code
Have an understanding and knowledge of deception capabilities against advanced threats
Experience implementing, deploying and/or operating deception technologies and tactics
Prepare and report risk analysis and threat findings to appropriate stakeholders
Able to lead hunt missions with minimal to no supervision or guidance
Recommend course of actions, best practices and mitigating actions to improve security practices
Experience briefing senior level leaders and executives as well as the ability to translate technical topics into non-technical terms for decision making
Develop queries for the CSOC for new detections to new attacks
Ability to stay up to date for maintaining and understanding the cyber threat landscape, threat actors and activity to enhance Entergy's cybersecurity posture.
Identify, track and investigate high priority threat campaigns, malicious actors of interest, capabilities and TTPs
Create workflows and automation within the security tools
Collaborate and coordinate with business units to improve threat detection, response and improve the overall security posture
Participate in post-incident reviews to identify lessons learned and best practices.
Knowledgeable in Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets.
Available to travel up to 25%
Will be responsible for:
Reviewing current and emerging cyber threat intelligence to maintain situational awareness and initiate hunts
Maintaining threat hunts along with providing support to the CSOC as needed during advanced incident escalations
Creating and providing weekly briefings of reports
Collecting, aggregating and reporting on metrics from threat hunts and security cases
Conducting in-depth technical analysis on host-based, network-based, cloud-focused, and mobile systems to identify advanced threats that evade traditional detection systems and signatures
MINIMUM REQUIREMENTS
Minimum education required of the position .
Bachelor's degree (i.e. Cybersecurity, Information security, IT, computer science, etc.) or 5-10 years of prior relevant experience. Additional experience and certifications may be considered in lieu of a degree.
Minimum experience required of the position
Information Security Analyst Sr - Threat Hunter
5+ years recent experience in a technical role in the areas of Security Operations, incident response, detection engineering, offensive security/red team, or cyber threat intelligence
Experience performing threat hunting in an active corporate environment
Experience with host-based and network-based security monitoring using cybersecurity capabilities
Experience with offensive security strategies and assessment methodology
Experience using AI and agentic AI tools
Ability to see the larger picture when dealing with competing requirements and needs
Ability to navigate and work effectively across a complex organization
Experience with more than one or more enterprise EDR and SIEM tool
Experience with digital forensics or incident response on major security incidents
Ability to apply Cyber Threat Intelligence through enrichment, correlation and attribution
Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
Experience working with log analysis tools
Experienced developing scripts to support cyber threat detection
Ability to work independently with minimal direction; self-starter / self-motivated
Minimum knowledge, skills and abilities required of the position
Good planning, organizational and time management skills; detail and process-oriented; able to juggle multiple priorities.
Understanding of MITRE ATT&CK Framework
Understanding of AI, AI models, Agentic AI capabilities for threat hunting
Good problem-solving/decision making ability
Good written and verbal communication skills.
Good interpersonal skills, including teamwork.
Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
Resourceful and self-motivated, able to work independently when required
Good analytical, critical thinking and decision-making skills
Cloud, IT-OT understanding of secure monitoring and incident response
Understanding of systems (including industrial control systems)
Good report writing and communication and ability to effectively communicate across the organization
Demonstrated commitment to customer service with excellent oral and written communication skills
Self-motivated, with ability to work independently and in a team setting while following up on multiple tasks
Any certificates, licenses, etc. required for the position
One or more technical or InfoSec certifications are a plus, i.e., CompTIA, ISACA, EC-Council, or ISC2.
GIAC Certified Incident Handler
GIAC Certified Forensic Analyst
CISSP
SANS GCIA - Intrusion Analyst
SANS GMON - Continuous Monitoring Certification
CCSP - Certified Cloud Security Professional
GIAC Penetration Tester
Kali Linux Offensive Security Certified Professional (OSCP)
Technical Competencies
Hands-on technical engineering and process management skills and the ability to advocate positive transformation
Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks
Knowledgeable about artificial intelligence and agentic AI
In-depth knowledge of common networking protocols
Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
Expertise in network and host-based analysis and investigation
Proficient with scripting languages such as PowerShell or Python
Master knowledge of multiple UNIX OS platforms and Windows-based operating systems
Master knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
Master knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
Work Conditions
Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
#LI-DG1 #LI-HYBRID
Primary Location: Texas-Woodlands Texas : The Woodlands
Job Function : Professional
FLSA Status : Professional
Relocation Option:
Union description/code : NON BARGAINING UNIT
Number of Openings : 1
Req ID: 123419
Travel Percentage :Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please clickhere (https://jobs.entergy.com/content/EEO/locale=en_US) to view the EEO page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here (humanr@entergy.comsubject=Accessibility) and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Know Your Rights: Workplace Discrimination is Illegal (https://www.eeoc.gov/sites/default/files/2023-06/22-088 EEOC KnowYourRights6.12ScreenRdr.pdf)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Job Segment: Information Security, Cyber Security, Corporate Security, Cloud, Computer Forensics, Technology, Security
