Principal Analyst - Cyber Security

Job Description:

Position Overview

The primary responsibility of the Principal Analyst – Cyber Security is to provide expert analysis and respond to events and incidents from Cyber Operations, Intelligence and Forensics while coordinating efforts with each team. The Principal Analyst possess a solid sense of ethics, intimate knowledge of investigations and analysis from multiple Cyber Disciplines and be capable of effectively coordinating efforts between various Cyber Operations Teams while under duress.

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to always conduct and carry themselves in a professional manner. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.

Essential Duties & Responsibilities

• Receive, analyze, and remediate alerts from Cyber Security Operations Center.

• Receive, analyze, and determine applicability and remediation for events from Cyber Threat Intelligence.

• Will use a variety of analysis tools in incident response investigations to determine the extent and scope of compromise.

• Determines and coordinates retrieval of information and data across various Cyber and IT teams and tools to provide timely and sound analysis.

• Provide mentorship, guidance, and support for the analysts from the various Cyber Teams.

• Maintain a detailed level of awareness of Cyber threats and analytical and remediation practices

• Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization.

• Provides advanced communications services, writing, editing, analysis, and planning.

• Subject matter expert on analysis and determining what events and alerts are escalated to incidents.

• Mentors less experienced staff, frequently instructing and occasionally directing the work of others.

• Perform job duties in a safe manner.  

• Attend work as scheduled on a consistent and regular basis

• Performs other related duties as assigned. 

Minimum Qualifications

• At least 21 years of age.

• Proof of authorization to work in the United States.

• Bachelor's degree in MIS or similar technical program or four (4) years acceptable industry and work experience.

• Minimum of two (2) years of Incident Response experience.

• Experience in analyzing and responding to escalated events and alerts from Threat Hunting Efforts, various Cyber tools including but not limited to SIEM, EDR, and Phishing, Intelligence derived data, and WAF.

• Demonstrated knowledge and experience in developing documentation and processes regarding analysis of multiple Cyber disciplines including Forensics, Intelligence, Security Operations Center, and Incident Response.

• Understanding of the following concepts: Cyber Kill Chain, Advanced Persistent Threat, Third Party Risks, Cybercrime, Hacktivism, Various Cyber Attack Types, Fraud, Malware and Ransomware, Mobile Threats, Social Engineering, Insider Threats, SOC function, Incident management, Networks and Encryption.

• Provides leadership, expert analysis to requirements gathering, and project planning for complex communications projects and other significant threat intelligence initiatives. Possesses and applies a thorough understanding of stakeholder requirements.

• Independently interfaces at various levels within the organization, including executive leadership, senior stakeholders, business line leaders, and technical subject-matter experts from various Cyber disciplines.

• Directs conversion efforts, projects, and staff, overseeing movement of existing documentation to alternative delivery media.

• Maintain and develop professional contacts in the various Corporate Departments in support of Cyber operations.

• Relevant Accredited Industry Certifications regarding Advanced analysis and Response, including but not limited to; CISSP, SANS 500 Series, GIAC Analysis Series, or CASP.

• Must be able to obtain and maintain Nevada Gaming Control Board registration and any other certification or license, as required by law or policy.

• Must be able to work collaboratively with the global team.  This position will work with Level 1 and Level 2 analysts, Information Technology, business units, and with various levels of management regularly.

• Ability to quickly ascertain the nature of alerts, events, or incidents brought to your attention and calmly formulate and communicate a plan for response.

• Demonstrate ability to create and write concise reports.

• Ability to quickly assess network activity and system configuration for anomalous activity to determine system security status.

• Mentor and assist team members when necessary. Be able to work in a collaborative team environment. 

• Effective written and verbal communication skills in English

• Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business.)

Physical Requirements

Must be able to:

• Physically access assigned workspace areas with or without reasonable accommodation.

• Work remotely or in office as necessary

• Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust.

• Utilize laptop and standard keyboard to perform essential functions of the job.