Sr. Analyst-Cyber Defense

Atlanta, United States

Invesco

Invesco Corporate is home to our latest company news, financials, and business updates. Learn how we are committed to creating greater possibilities for our clients.


As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.

If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!

Job Description

Duties:

  • Analyze information security events from multiple sources, including SIEM, IPS/IDS, firewalls, endpoint security, cloud security, email gateway, identity protection, etc.; identify the cause of incidents; and respond by applying containment and eradication strategies.
  • Design and implement IT security systems (endpoint security, email protection, identity protection, cloud security) to protect the corporate network from cyber threats.
  • Respond to and analyze cyber incidents, monitor IPS/IDS alerts, and coordinate and distribute advisories on cyber security incidents, vulnerabilities, and threats to relevant stakeholders.
  • Collaborate closely with Threat Intelligence, Incident Response, Business Security, Application Security, Technology, and other teams as needed.
  • Assess vulnerabilities and attacker tactics, techniques, and procedures (TTPs) and provide defensive actions to locate and prevent threats.
  • Review and analyze security data within the SIEM and network traffic, such as full packet captures and/or NetFlow data, to detect traffic anomalies, identify infected systems, and identify threat actor related activity based on known tactics, techniques, and procedures.
  • Configure rules for real-time alerting in the SIEM tool for events, analytic rules, automation rules, hunting queries, and playbooks.
  • Conduct static and dynamic malware analysis.
  • Configure and deploy security policies, rules, and controls within firewalls.
  • Configure Palo Alto security firewall policies/rules and build custom objects/categories for network configurations based on various enterprise requirements.
  • Create and enforce security policies in various cyber defense tools (endpoint security, email gateway, firewalls, AD groups) to mitigate risks.
  • Create and update interactive security event/incident reports and dashboards for executive leadership.
  • Conduct proactive threat hunting exercises to identify and mitigate security threats through the review of system logs, threat intelligence, network activity, and known tactics, techniques, and procedures.
  • Lead activities to simulate real-world cyber-attacks and assess the effectiveness of defensive measures.
  • Configure IDS/IPS signatures based on vendor-provided signatures, vulnerability databases, CTI feeds, and TCP/IP, HTTP, FTP, and SSH protocols, following industry standards (NIST, PCI-DSS, HIPAA, etc.), regex, and hex encoding, and create custom IDS/IPS signatures based on open-source signature formats (Snort, Suricata).
  • Work under the Team Leader to maintain security devices and demonstrate practical experience in managing SIEM environments, firewalls, content filters, NIDS, proxy servers, HIPS, and packet capture devices.
  • Perform malware analysis by sandboxing files and URLs, decoding scripts, and locating IOCs (Indicators of Compromise) within the file, while knowing and understanding the MITRE Kill Chain and other cybersecurity standards.
  • Work on the end-to-end malware remediation process: identifying malware, containing systems while assessing the enterprise risk, malware reverse engineering, identifying IOCs, updating identified signatures, and hunting IOCs in the enterprise environment.
  • Work on endpoint security incidents while providing recommended actions for completely removing all traces of malware from the infected system, including rootkits, Trojans, viruses, and other malicious software, restoring the system to a known good state, and ensuring the integrity and security of all data and applications.
  • Serve as the primary escalation contact for all security incidents in the absence of L3.
  • Make recommendations for, build, modify, and update IPS policies, endpoint AV security controls, network AV security controls, and Security Information and Event Management (SIEM) tool rules.
  • Mentor and train team members.
  • Deliver technical training in areas such as log monitoring, security event analysis, phishing email investigations, and incident handling.

Requirements:

  • Must have a Bachelor’s degree in Software or Computer Engineering, Mechanical Engineering, Information Security, or a related field.
  • Must have obtained at least one of the following certifications: CEH, CompTIA Security+, OSCP, CSTA, CHFI, GPEN, or CASP+.
  • Must have 5 years of progressive experience in Information/Cyber Security positions performing/utilizing the following:
      • Information security operations.
      • Cyber incident response process: identification, analysis, reporting, remediation/mitigation, verification, post-analysis, and process improvement.
      • Network analysis tools, scripting languages, software vulnerabilities, exploit and malware analysis, and reverse engineering.
      • Reading and understanding system data including security event logs, system logs, application logs, and device logs.
      • Strong network security, threat hunting, and threat intelligence skills.
  • Must have at least 4 years of experience with:
      • Enterprise-grade technologies including Windows and Linux operating systems, databases, endpoint security, web applications, and applicable monitoring tools (including SIEM, DLP, Internet filtering/blocking, IDS/IPS, firewalls, anti-virus, encryption technologies, and vulnerability management).
      • Creating custom correlation rules to detect known or suspected malware traffic patterns within security tools.
      • Coordinating and managing all external third-party audits, including ISO 27000, PCI, and HIPAA audits.
      • Utilizing Splunk, Microsoft Defender, QRadar, O365 ATP, Proofpoint, Palo Alto, Prisma Cloud, Azure, and other security tools to identify, analyze, and mitigate cyber security risk to the organization.

  • Position may be eligible to work hybrid/remotely but is based out of and reports to Invesco offices in Atlanta, GA. Must be available to travel to Atlanta, GA regularly for meetings and reviews with manager and project teams within 24 hours’ notice.

Apply online or email resume to: Niamh McNamee, Global Mobility Specialist, Niamh.McNamee@invesco.com

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

Yes

Workplace Model

At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office. 

What’s in it for you?

Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including: 

  • Flexible paid time off

  • Hybrid work schedule 

  • 401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution 

  • Health & wellbeing benefits 

  • Parental Leave benefits 

  • Employee stock purchase plan

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.

Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.

Category: Analyst Jobs

Tags: Application security Audits Automation Azure CASP+ CEH CHFI Cloud Compliance CompTIA Cyber defense Encryption Endpoint security Exploits Firewalls GPEN HIPAA IDS Incident response IPS Linux Malware Monitoring Network security NIST OSCP QRadar Reverse engineering Scripting SIEM Snort Splunk SSH TCP/IP Threat intelligence Vulnerabilities Vulnerability management Windows

Perks/benefits: Equity / stock options Flex hours Flex vacation Health care Parental leave Team events

Region: North America
Country: United States
