This role sits within our Financial & Risk ("F&R") business.
This role will sit within the Security Operations group which provides protects and defends the F&R enterprise. The Lead Cyber Security Analyst - CIRT Tier 3 will work in both a team environment and independently to analyze Information Security systems and threat intelligence to identify incidents and recommend mitigation strategies. This position will analyze information systems in order to detect and respond to potential threats in the environment. Additionally, they will act as the Lead Cyber Security Analyst in resolving security incidents.
- Serve as a focal technical lead on incident events and incidents
- Provide technical, hands-on incident investigation and support and serve as a primary point of contact with management
- Lead the investigative process for network intrusions and other cyber security incidents to determine the cause and extent of cyber attacks
- Summarize events and incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms
- Manage the chain of custody for all evidence collected during incidents, security, and forensic investigations
- Monitor for and investigate suspicious or malicious activity and alerts
- Ongoing review of SIEM dashboards, system, application logs, and custom monitoring tools
- Perform advanced malware and threat analysis
- Monitor and analyze SIEM, UBA, network traffic, Intrusion Detection Systems (IDS), security events and logs
- Prioritize and differentiate between potential incidents and false alarms.
- Lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
Qualifications / Requirements:
- Bachelor's degree in Computer Science/Information Security/similar major or 4+ years of related field experience
- 2+ years of work experience in Information Technology
- 5+ years of experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
- Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
- Experience with Information Security technologies such as but not limited to SIEM, IPS/IDS, Vulnerability Management Software, User Behavior Monitoring, Unstructured Data Monitoring tools or Internet Content Filters.
- Experience reading and understanding system data, including, but not limited to, security event logs, system logs, and firewall logs
- Intermediate understanding of network technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching.
- Intermediate knowledge of the following platforms in an enterprise environment - Microsoft Windows, Solaris, Linux.
- This position requires strong analytical skills and attention to detail, which will allow advising on how best to respond to abnormal network/system behavior.
- Must possess excellent written and verbal communication skills
- Travel (including international) may be required up to 15%.
- Evening and weekend hours expected during incidents
- Any of the following professional certifications are a plus: CISSP - Certified Information Systems Security Professional. CEH - Certified Ethical Hacker, CompTIA Security +, SANS GIAC
- Microsoft, Linux, Networking or related certifications
- Knowledge of offensive security techniques
- Experience working in a global financial company
- Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
- Familiarity with scripting languages and data analysis tools
- Experience leading small teams