Threat Hunter - Threat Hunter Lead at Oncor Electric Delivery Company LLC
Oncor Electric Delivery Company LLC · Dallas, United States Of America · Onsite
- Senior
- Office in Dallas
Salary Range: $87,182 - $145,509
Relocation: No
About Us
Oncor Electric Delivery Company LLC, headquartered in Dallas, is a regulated electricity transmission and distribution business that uses superior asset management skills to provide reliable electricity delivery to consumers. Oncor (together with its subsidiaries) operates the largest transmission and distribution system in Texas, delivering power to nearly 4 million homes and businesses and operating more than 143,000 miles of transmission and distribution lines in Texas.
Summary
Responsible for ensuring the safety of technology platforms inclusive of workstations, server systems, networks, applications, databases and electronic information, and to protect the systems from security violations, access or destruction. Assists with implementing Information Technology security policies covering protocols, applications, networks, client and server systems, personnel and other risk management mechanisms.
We are considering applicants with multiple experience levels. Please view all details related to responsibilities, education, and experience level for each level of consideration.
Threat Hunter – Senior Threat Hunter
Key Roles & Responsibilities
Threat Hunter
- Actively monitor and investigate in real-time the organization’s networks, systems, applications, and databases to protect Oncor internal partners and our customers from security violations, access, or destruction
- Look beyond pre-configured alerts to discover potential security incidents
- Conduct security event detection and threat analysis for escalated security events
- Uncover information gaps that can help identify potential threats in the short and long term and recommend security enhancements to the Lead Threat Hunter or Senior Threat Hunter
- Research open-source intelligence, social media platforms, and deep/dark web for known and potential external and insider threats capable of impacting our employees and/or customers.
- Research and analyze the latest information technology security trends and methods of attack and propose security standards, rules, alerts and best practices for the organization
- Analyze threat information from a variety of internal and external sources to provide actionable intelligence to maintain and enhance the defenses of Oncor information systems and resources
- Support internal investigations by performing data and system forensics, and other investigative techniques and conduct computer and mobile device forensic examinations, including preservation, acquisition, and analysis of digital evidence
- Produce and review reports and presentations for management, including security recommendations on technology security vulnerabilities (both planned and in-place controls) and future direction
- Support Cybersecurity investigations and incident response by making recommendations to management on findings and solutions. Ensure incidents are minimized through design, tools and processes
- Support onboarding of new security technologies by working with project and vendor teams in order to ensure production system readiness from an operational and technical perspective
- Actively engage and collaborate with other groups within the Digital Grid Management team and our internal partners
- Assist in identifying technical and regulatory changes in the security landscape
- Be a change agent to adapt and drive change throughout the organization
- Strong interpersonal skills, a positive attitude, and the ability to thrive in a fast-paced environment
- Self-motivated, results-oriented with a passion to deliver above par results in a proactive manner
- Perform all essential functions and aspects of the job, including any other specific job requirements as assigned
Senior Threat Hunter (in addition to above responsibilities)
- Utilize advanced detection methods in existing Security Operations Center (SOC) systems to identify potential security threats
- Conduct advanced security event detection and threat analysis for complex and/or escalated security events.
- Look beyond pre-configured alerts to discover potential security incidents and provide protection recommendations
- Research and identify detection capabilities and gaps within SOC tools using the MITRE ATT&CK framework
- Perform technical reviews of documentation to ensure computer security integration and compliance with regulations and standards such as North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Sarbanes-Oxley Act (SOX), International Organization for Standardization (ISO) standards, etc.
Skills
- Technical understanding of network concepts, protocols, services and operating systems
- Technical understanding of vulnerabilities and how attackers can exploit vulnerabilities to compromise systems
- Cyber forensics experience preferred
- Proven analytical, problem solving, and research skills with readiness to defend analysis
- Ability to obtain certifications in industry-specific and technical fields, such as NERC CIP, CompTIA Security+, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Threat Hunting Professional (CTHP)
- Excellent organizational and communication skills
- Ability to work independently and handle a high level of responsibility
- Ability to adapt to changing threat landscape, systems, and processes
- Detail oriented
- Proven communication and analytical skills, both written and verbal
- Strong knowledge creating Threat Hunting queries in multiple query languages
Education and Experience
Threat Hunter
- High school diploma, GED, or equivalent is required
- 2 plus years cybersecurity or information technology experience is required
- 2 plus years in cybersecurity monitoring working with security tools is preferred
- 1 plus year in a threat hunting role is preferred
Threat Hunter Senior
- 3 plus years cybersecurity or information technology experience is required
- 3 plus years in cybersecurity monitoring working with security tools is preferred
- 2 plus years in a threat hunting role is preferred
Applicants with a Bachelor's degree in information technology, computer science, cybersecurity or another related field are encouraged to apply.
Measures of Success
- Actively identifies and remediates cyber and insider threat events and works to completion in a timely manner
- Collaborates consistently with Digital Grid Management (DGM) SOC analysts
- Demonstrates aptitude in developing use cases based on threat intelligence and the ever-evolving threat landscape
- Demonstrates skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment
- Demonstrates ability to collaborate with internal partners in a professional manner
- Demonstrates ability to learn and identify new security methods, tactics, and threat vectors
- Demonstrates leadership by helping develop SOC analysts
- Provides consistent and timely intelligence information and trends
Lead Threat Hunter
Key Roles & Responsibilities
- Lead the team effort to look beyond pre-configured alerts to discover potential security incidents and lead the effort in creating additional rules/alerts
- Coordinate monitoring and investigation of the organization’s networks, systems, applications, and databases to protect Oncor internal partners and our customers from security violations, access, or destruction
- Lead the team effort in advanced security event detection and threat analysis for complex and/or escalated security events.
- Drive the effort to uncover information gaps that can help identify potential threats in the short and long term and recommend security enhancements to management or SOC leadership
- Spearhead the research effort of open-source intelligence, social media platforms, and deep/dark web for known and potential external and insider threats capable of impacting our customers. Lead and assist the third-party vendor in developing dark web monitoring rules.
- Provide direction for researching and analyzing the latest information technology security trends and methods of attack and propose security standards, rules, alerts and best practices for the organization
- Analyze threat information from a variety of internal and external sources to provide actionable intelligence to maintain and enhance the defenses of Oncor information systems and resources
- Support internal investigations by performing data and system forensics, and other investigative techniques and conduct computer and mobile device forensic examinations, including preservation, acquisition, and analysis of digital evidence
- Lead team effort to ensure good security posture by acting as subject matter expert on existing security technologies by administering, integrating, maintaining, and troubleshooting systems
- Direct the team to produce, review, and finalize reports, metrics and presentations for management, including security recommendations on technology security vulnerabilities (both planned and in-place controls) and future direction
- Take the lead to support Cybersecurity investigations and incident response by making recommendations to management on findings and solutions. Ensure incidents are minimized through design, tools and processes
- Lead and drive the onboarding of new security technologies by working with project and vendor teams in order to ensure production system readiness from an operational and technical perspective
- Perform technical reviews of documentation to ensure computer security integration and compliance with regulations and standards such as North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Sarbanes-Oxley Act (SOX), International Organization for Standardization (ISO) standards, etc.
- Lead the efforts to actively engage and collaborate with other groups within the Digital Grid Management team and our internal partners
- Assist in identifying technical and regulatory changes in the security landscape
- Be a change agent to adapt and drive change throughout the organization
- Strong interpersonal skills, a positive attitude, and the ability to thrive in a fast-paced environment
- Self-motivated, results-oriented with a passion to deliver above par results in a proactive manner
- Perform all essential aspects and functions of the job as well as any other specific job requirements as assigned
Skills
- Ability to obtain certifications in industry-specific and technical fields, such as NERC CIP, CompTIA Security+, ISC2 certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Threat Hunting Professional (CTHP)
- Advanced understanding of network concepts, protocols, services and operating systems
- Advanced technical understanding of vulnerabilities and how attackers can exploit vulnerabilities to compromise systems
- Cyber forensics experience preferred
- Advanced knowledge creating Threat Hunting queries in multiple query languages
- Advanced analytical, problem solving, and research skills with readiness to defend analysis
- Advanced verbal and written communication skills
- Ability to work in an open and collaborative environment
Education and Experience
- High school diploma, GED, or equivalent is required
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity or another related field is preferred
- 4 plus years cybersecurity or information technology experience is required
- 4 plus years in cybersecurity monitoring working with security tools is preferred
- 3 plus years in a threat hunting role is required
- 1 plus year managing subordinates is strongly preferred
Measures of Success
- Leads team effort to actively identify and remediate cyber and insider threat events and ensure team works to completion in a timely manner
- Leads team by developing and scheduling training to stay ahead of the ever-changing threat landscape
- Provides consistent and timely intelligence information and trends
- Prioritizes events and detections for team completion
- Demonstrates leadership by helping develop the team and SOC analysts
- Demonstrates skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment
- Demonstrates ability to lead and collaborate with internal partners in a professional manner
- Demonstrates ability to learn and identify new security methods, tactics, and threat vectors
Note: The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel. Possible 24x7 on-call/off-hour security support, including weekends and holidays.
Benefits
At Oncor, we offer a comprehensive set of benefits, compensation and performance management programs designed specifically to attract, retain, motivate and reward our high-performing workforce. Our supportive and inclusive culture allows every team member the opportunity to thrive and make a difference. We invest in our employees' success and well-being by offering such things as:
- Annual incentive program
- Competitive health and welfare benefits (medical, dental, vision, life insurance)
- Ability to earn wellness incentives (up to $2,000 in 2025) and other wellbeing resources
- 401k with dollar-for-dollar company match up to 6%
- 401k match with student debt program
- Cash balance pension plan
- Adoption Assistance
- Mental health resources
- Employee resource groups
- Tuition reimbursement
- Competitive vacation, 10 company holidays and 2 personal holidays
- Paid parental leave
- Salary continuation for up to 6 months for approved employee illness or injury
- Other perks such as commuter benefits, electric vehicle incentive program, appliance purchase plan
Participation in benefit programs for employees in collective bargaining units is subject to the applicable collective bargaining agreement.