The CVS Threat Hunting teams mission is to proactively discover, document, and report evidence of previously undetected threats on enterprise networks, servers, workstations, and network devices. Through investigation of the environment, the Threat Hunting teams goals is to reduce dwell time of adversaries and thus reduce their impact on the organization, and directly enhance incident detection capabilities through advanced analysis techniques, both human-driven and automated.CVS is looking for a results-driven Threat Hunter to join our growing cybersecurity team. In this role, you will take a proactive approach to identifying, analyzing, and mitigating cyber threats before they can cause significant damage to our organization. As a Threat Hunter, you will actively seek out threats advanced and simple across our infrastructure, leveraging tools, threat intelligence, and in-depth knowledge of attack techniques to identify potential risks. Unlike traditional security operations roles, this position focuses on actively hunting for threats that may evade automated defenses or go unnoticed by conventional detection methods.

This role is ideal for someone with a deep understanding of cybersecurity, who thrives in a collaborative environment and enjoys the challenge of solving complex security puzzles. You will be an essential part of a forward-thinking security operations team, helping to continually evolve our threat detection capabilities, improve response times, and ultimately protect the integrity of our critical systems and sensitive data. If you're passionate about staying ahead of emerging threats and have a penchant for proactive defense, we want to hear from you.Key Responsibilities:

• Proactively identify, hunt, and investigate advanced threats and attacks within the organization's networks and endpoints.
• Analyze large volumes of data from various sources to identify suspicious activities and anomalous behavior patterns.
• Develop and implement custom detection rules, hunting strategies, and automation to detect complex, hidden threats.
• Collaborate with incident response teams to investigate and mitigate security incidents, ensuring timely and effective remediation.
• Conduct deep-dive forensic analysis and threat intelligence research to understand the tactics, techniques, and procedures (TTPs) of threat actors.
• Provide mentoring and guidance to junior threat hunters and cybersecurity staff.
• Stay up to date with the latest cybersecurity threats, trends, and technologies to continuously enhance detection capabilities.
• Document findings, create reports, and present actionable insights to stakeholders, including leadership teams.
• Develop and improve threat-hunting playbooks, processes, and methodologies.

Requirements:

• 5+ years of experience in a cybersecurity role, with a strong focus on threat hunting, incident response, or advanced threat detection.
• 5+ years of experience with analyzing attack vectors, utilizing intrusion detection systems (IDS), endpoint detection and response (EDR) tools, SIEM, and other security technologies.
• 2+ years of proficiency with scripting languages (Python, PowerShell, etc.) for automation and analysis tasks.
• 2+ years of experience with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK, STIX/TAXII).
• 3+ years of experience conducting analysis, with the ability to identify patterns and correlations within large datasets.
• 1+ years of experience with malware analysis, reverse engineering, and common exploit techniques.

Preferred Qualifications:

• Strong communication skills, both written and verbal, with the ability to present technical findings to non-technical stakeholders.
• Ability to work in an evolving environment while managing multiple priorities.
• Relevant certifications such as Certified Ethical Hacker (CEH), GIAC Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC).
• Experience with cloud security (AWS, Azure, GCP).
• Familiarity with network traffic analysis and protocols (e.g., DNS, HTTP, SSL/TLS).
• Knowledge of advanced malware techniques and/or reverse engineering.

Education:

Bachelor's degree or equivalent experience (HS diploma + 4 years relevant experience)Pay Range

The typical pay range for this role is:$118,450.00 - $236,900.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.

In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities. The Company offers a full range of medical, dental, and vision benefits. Eligible employees may enroll in the Company's 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees. The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners. As for time off, Company employees enjoy Paid Time Off ("PTO") or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies.

For more detailed information on available benefits, please visit Benefits | CVS HealthWe anticipate the application window for this opening will close on: 01/29/2025Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.