Active Cyber Threat Analyst
Ball Corporation
**This position will be posted for a minimum of 3 days and will remain open until filled or adjusted based on the volume of applicants.**
**Further your career at Ball, a world leader in manufacturing sustainable aluminum packaging. Achieve extraordinary things when you join our team, and make a difference in your professional development, the community, and around the globe!**
**Ball is thrilled to receive Newsweek's 2023 Top 100 Global Most Loved Workplace award! As a sustainable product leader, we have over 16,000 global team members. From endlessly recyclable aluminum cans, and cups, to aerosol bottles, our goal is to contribute to a better community, society, and world.**
As the Active Cyber Threat Analyst, you're a key member of the Global Cyber Security Team, reporting to the Chief Information Security Director. You will contribute to the success of Ball by actively seeking out threats across our infrastructure, using tools, threat intelligence, and in-depth knowledge of attack techniques to identify potential risks. You will focus on actively seeking threats that may evade automated defenses or go unnoticed by conventional detection methods.
**Your Key Areas of Responsibilities Include:**
1. Dedicated Proactive Monitoring and Response
a. Proactively monitor real-time security alerts and events from various platforms (SIEM, IDS/IPS, EDR).
b. Quickly identify and prioritize potential incidents, escalating where necessary.
c. Serve as a primary liaison with managed service providers supporting the same.
2. Threat Intelligence Correlation & Integration
a. Correlate external intel with internal telemetry (logs, alerts) to identify potential threat actors or ongoing campaigns.
b. Recommend enhanced detection methods based on emerging TTPs (tactics, techniques, and procedures).
c. Conduct deep-dive forensic analysis and threat intelligence research to understand the tactics, techniques, and procedures (TTPs) of threat actors.
3. Advanced Incident Response (IR)
a. Act as a lead responder for critical incidents, guiding containment, eradication, and recovery efforts.
b. Coordinate with forensics teams, legal, and other stakeholders to ensure a comprehensive response.
c. Provide expert analysis of malware, network traffic, and system logs to understand the scope and impact of attacks.
d. Document findings, create reports, and present actionable insights to stakeholders, including leadership teams.
4. Hunting Campaigns
a. Design and execute threat hunting missions using IOCs, behavioral patterns, and intelligence data.
b. Develop and implement custom detection rules, hunting strategies, and automation to detect complex, hidden threats.
c. Develop and improve threat-hunting playbooks, processes, and methodologies.
5. Correlation and Response Across Security Controls
a. Work with Security Operations and IT to continuously integrate and fine-tune security controls (firewalls, IDS/IPS, SIEM, endpoint tools) for optimized detection and response.
b. Create and maintain dashboards, metrics, and alerts that centralize relevant security data.
c. Find gaps in current controls and drive the implementation of improved detection rules or processes.
6. Assessments, Analysis, and Operational Improvement
a. Conduct regular security assessments and review existing procedures for enhancement opportunities.
b. Provide feedback and recommendations for strengthening configurations, processes, and playbooks.
7. Team Support and Collaboration
a. Manage the Active Cyber Team
b. Participate in cross-functional projects (e.g., tool integrations or major system upgrades) to ensure security remains a core requirement.
c. Mentor junior analysts and other cyber security staff in threat hunting techniques, incident response protocols, and day-to-day monitoring processes.
d. Establish and grow effective working relationships within the department and across the Company.
e. Proven ability to work under stress in emergencies and flexible to manage multiple high-pressure situations simultaneously, to support a regular and predictable work schedule around such emergencies.
**Required Education, Skills and Knowledge:**
+ Bachelor's degree or equivalent education and relevant experience.
+ 5+ years of experience in a cybersecurity role, with a strong focus on threat hunting, incident response, or advanced threat detection.
+ Experience with analyzing attack vectors, using intrusion detection systems (IDS), endpoint detection and response (EDR) tools, SIEM, and other security technologies.
+ Proficiency with scripting languages (Python, PowerShell, etc.) for automation and analysis tasks.
+ Experience with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK, STIX/TAXII).
+ Experience conducting analysis, with the ability to show patterns and correlations within large datasets.
+ Experience with malware analysis, reverse engineering, and common exploit techniques.
**Preferred Experience and Skills:**
+ Military or formal vocational technical training in cyber defense.
+ Relevant certifications, such as Certified Ethical Hacker (CEH), GIAC Cyber Threat Intelligence (GCTI), Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Forensic Analyst (GCFA), Certified Reverse Engineering Malware (GREM), Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC).
+ Experience with cloud security (AWS, Azure, M365 Security, GCP).
+ Strong analytical mindset and ability to solve complex problems under pressure.
+ Effective communication skills, both written and verbal, with the ability to present technical findings to non-technical stakeholders.
+ Collaborative team player that thrives in a fast-paced, global environment.
+ Strong customer/client focus, with the ability to manage expectations appropriately; provide a superior customer/client experience and build long-term relationships.
**Compensation & Benefits:**
+ **This role can be located remotely; however, travel to our Westminster, CO headquarters may be required.**
+ **Hiring Salary Range:** $124,700 - 178,220 (Salary to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.)
+ This role will be eligible to participate in the annual incentive compensation plan.
+ Ball includes a comprehensive benefits structure. Go to our career site and click "Total Rewards" to learn more.
**When submitting your application to Ball, we encourage you to emphasize your skills, experience, and qualifications that align with the role. Under Colorado, California, Connecticut, Minnesota, and Pennsylvania law, you have the right to exclude or redact age-related details, such as your date of birth, school attendance dates, or graduation dates, from your resume, cover letter, CV, or other supporting documents (e.g., transcripts, certificates).**
**Ball Corporation is proud to be an Equal Opportunity Employer. We actively encourage applications from everybody. All qualified job applicants will receive consideration without regard to race, color, religion, creed, national origin, aboriginality, genetic information, ancestry, marital status, sex, sexual orientation, gender identity or expression, physical or mental disability, pregnancy, veteran status, age, political affiliation or any other non-merit characteristic.**
When you join Ball, you belong to a team of over 16,000 members worldwide. Our products range from infinitely recyclable aluminum cans and cups to aerosol bottles that enable our customers to contribute to a better world. Each of us has a deep commitment to diversity and inclusion, which is the foundation of our culture of belonging.
Everyone at Ball is making a difference by doing what we love. Because what we create may change, but what we will always make is a difference.
Please note the advertised job title might vary from the job title on the contract due to local job title structure and global HR systems.
No agencies please.
Job Grade: 13