The campaign has put out job notices for a cyber threat analyst and cloud security architect as it looks to beef up protections ahead of the 2020 elections.
Joe Biden is looking for cybersecurity help.
The presidential campaign for former vice president and current Democratic nominee put out a job notice for a senior cyber incident response and threat analyst. According to the notice, the position would work out of the campaign’s Philadelphia headquarters and “collaborate with a team of engineers to identify potential threats and investigate anomalous activity.”
The analyst would help prevent, investigate and remediate digital security threats to the Biden campaign. Other duties include log analysis, conducting host-based and network forensic investigations of cybersecurity incidents, tuning security controls to improve the efficacy of security sensors, and developing use cases based on adversarial tactics, techniques and procedures.
The campaign is looking for someone with more than five years of experience in a technical role and who is proficient in Python, Powershell, Bash and other programming languages. Applicants would also need to have experience with cloud architecture, incident response strategy and Security Information and Event Management tools like Splunk.
The campaign is also looking to hire a senior cloud security architect with a background in threat modeling, core cryptography concepts and experience working with Amazon Web Services and Google Cloud applications.
The notices state that both positions would “work closely with the Chief Information Security Officer,” but it’s not clear who that would be. The Biden campaign hired former Target engineer Dan Woods as Chief Technology Officer and a spokesperson told POLITICO last year that cybersecurity was among the position’s responsibilities, but it has not publicly announced the hiring of a CISO. FCW has contacted the Biden campaign for further clarification.
Cybersecurity has been a heightened focus for political campaigns since Russian hackers compromised Democratic National Committee networks and successfully phished the email account of Hillary Clinton campaign chair John Podesta leading up to the 2016 election. The group eventually leaked a series of politically damaging emails from Clinton and other campaign officials as part of a coordinated information operation.
Last month, Google announced that hackers linked to the Chinese government were targeting Biden campaign staffers, while Iranian-aligned hackers have repeatedly targeted President Donald Trump’s campaign.
A number of experts believe that political campaigns are particularly vulnerable components of the election ecosystem, since they often start out operating on shoestring budgets, experience high staff turnover and tend not to put too much emphasis on cybersecurity. Of the major Democratic candidates running for president, only Pete Buttigieg announced the hiring of a CISO. That individual quit after five months on job, citing disagreements with how senior leadership approached cybersecurity issues.
Campaign managers for Clinton and former Republican presidential candidate Mitt Romney teamed up last year to develop a digital security playbook for campaigns, while Google, Microsoft and other companies have rolled out new email protection tools for political campaign staff.