The Information Security Office’s vision is to realize a culture of security that manages risks, defends against threats, and integrates information security into business and technology. The Global Cyber Security (GCS) Team supports this vision through the detection, analysis, and mitigation of cyber security threats facing the organization. The Digital Forensics and Incident Response (DFIR) Team under GCS is responsible for the coordination and investigation of cyber security incidents, forensic analysis, and forensic data collection in support of business functions.
As a Lead Security Analyst on the DFIR Team, you will:
- Coordinate resources during a cyber-security event, driving issues to a timely and complete resolution
- Conduct analysis, response, triage, recovery, and improvements for security events
- Perform work in a fast-paced environment utilizing a set of security related tools (e.g. WAF, SOAR, SIEM, UBA, IDS/IPS, anti-virus, firewalls, etc.), developing new team processes, verifying/testing new monitoring tools, and working with internal/external teams on security issues
- Use data to aid in decision-making by not only looking at data provided, but also determining what additional data might be needed
- Conduct investigations into moderate to complex cyber security incidents using established incident response processes and approaches
- Present complex technical incident details to legal, privacy, and senior leadership for evaluation
- Use lessons learned to improve security posture in conjunction with the GCS leadership team
- Ensure constant state of incident readiness that adapts to the changing threat landscape by maintaining playbooks and processes used by the team
- Ensure forensic practices are followed in the collection and preservation of data related to security incidents, legal holds, and other investigations
Required:
- Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future
- Must be committed to incorporating security into all decisions and daily job responsibilities
- 10+ years of related experience
- Strong security-related experience, to include data analysis and data science skills
- Professional security experience such as: incident response, alert monitoring, cloud security, forensic investigations, security awareness, etc.
- Excellent problem solving and analytical skills, the ability to define problems, collect data, establish facts and draw valid conclusions
- Ability to gather all relevant incident information, in accordance with incident management and response processes, and analyze incident information to understand the scope of the incident
- Ability to collect large sets of structured and unstructured data from disparate sources; analyze that data to identify trends and patterns; interpret the data to discover solutions and opportunities; and create reports, presentations, or dashboards to communicate findings to technical and non-technical audiences
- Strong documentation and reporting skills
- Experience responding to security incident types, such as DDoS attacks, anomalous activity, malware infections, APT activity, unauthorized access, data extraction, etc.
- Ability to analyze forensic and log data to identify root cause and/or indicators of compromise
- Knowledge of Network Protocols, Packet Captures, Security Controls, Scripting, SIEM, standard ticketing systems, Open Source Tools, Web Application Firewalls, PKI, and vulnerability scanning
- Understanding of sound investigative techniques for suspected and confirmed incidents
- Experience with task automation and developing new and improved processes
- Must have displayed team-centric and leadership skills, including leading and facilitating meetings (in-person and/or virtual)
- Must have a strong solution orientation
- Must be able to work independently with a sense of ownership to accomplish department and project tasks
- Ability to maintain a high degree of confidentiality
Preferred:
- Bachelor's degree in Cyber Security, Computer Science, Computer Information Systems, or Management Information Systems, or an equivalent combination of education and extensive security-related experience
- Security-related certifications such as CISSP, CompTIA Security+, GCIH, or security tool certifications
- Linux shell scripting; Python scripting preferred
- Experience conducting data analysis using tools such as Python, R, Tableau, or Power BI
- Prior experience in incident response related directly to moderate to complex security incidents
Pay Range: $100,000- $140,000. The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision as well as 401K contributions.
#LI-REMOTE