Cyber Security Senior Analyst

• As an active member of the team, monitor and process response for security events on a daily basis.
• Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
• Drive threat modeling collaboration with other members of the security team.
• Identify automation and orchestration opportunities to automate repetitive tasks.
• Lead incident response as events are escalated, including triage, remediation and documentation.
• Drive threat and vulnerability research across event data collected by systems.
• Investigate and document events to aid incident responders, managers and other CSOC team members on security issues and the emergence of new threats.
• Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships.
• Manage security event investigations, partnering with other business units as needed.
• Evaluate CSOC policies and procedures, and recommend updates to management as appropriate
• Adhere to service level agreements (SLAs), metrics and CSOC SOP's for ticket handling of security incidents and events.
• Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking, to offer global solutions for a complex heterogeneous environment.

Must-Have*

• Bachelor's Degree business, computer science, or equivalent
• Minimum of 12 years experience in Information/Cyber Security field
• Minimum of 6 years of information security monitoring and response or related experience.

Skills and Knowledge

• Experience working in a 24x7 operational environment, with geographic disparity preferred.
• Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
• Knowledge of a variety of Internet protocols.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively."
• Required SANS GCIH or GCIA; CISSP a plus.
• Technical knowledge and skills in the following areas: SIEM/EDR/NDR/SOAR/SCRUM
• Excellent communication and interpersonal skills
• Has an analytical and problem-solving mindset
• Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI), Health Information Portability and Accountability Ace (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR)."