Senior Analyst – Cyber Threat Operations Center

Chicago HQ


The Senior (Tier 2) CTOC Analyst is a key player in monitoring, analyzing, and responding to
security events across the organization. This role involves handling complex incidents,
conducting threat hunts, and supporting all phases of the incident response lifecycle. The Senior Analyst will also mentor junior analysts, providing day-to-day guidance on analysis techniques, tool utilization, and best practices for incident response to build a stronger, more resilient CTOC team. Additionally, this role includes managing moderately large projects, with minimal supervision, and employing creative problem-solving to address a wide variety of security challenges. Reporting to the CTOC Manager, you will collaborate with cross-functional teams and external partners, ensuring alignment with industry standards such as NIST, MITRE ATT&CK, and CIS Controls.

What you do
  • 24/7 Security Event Monitoring: Actively monitor and respond to security alerts and incidents, conducting both initial triage and advanced analysis to assess escalation needs. Participate in a 24/7 response rotation.
  • Incident Response and Threat Hunting: Execute containment, eradication, and recovery actions for incidents, and conduct proactive threat hunting based on threat intelligence and dark web insights to identify potential threats across the environment.
  • Mentorship of Junior Analysts: Provide day-to-day mentorship to junior analysts, enhancing their technical skills, analysis techniques, and understanding of threat landscapes. Conduct training sessions, review their work, and provide actionable feedback to boost team effectiveness.
  • Advanced Analysis and Documentation: Perform in-depth root cause analysis on security incidents, document findings comprehensively, and offer actionable insights to support cross-functional teams in decision-making.
  • Tool Optimization and Automation: Leverage and optimize SIEM, EDR, and security orchestration tools to improve detection and response efficiency. Identify and implement automation opportunities to streamline routine tasks, enhancing overall CTOC productivity. 
  • Threat Intelligence Integration: Analyze and integrate threat actor tactics, techniques, and procedures (TTPs) into CTOC processes, focusing on high-priority threats such as ransomware, insider threats, and advanced persistent threats (APTs). Engage with MISP, ISACs, and threat intelligence sources to stay informed on evolving threats.
  • Collaboration and Information Sharing: Participate in information-sharing initiatives with peers, ISACs, and other partners to enhance situational awareness, improve response strategies, and strengthen collaboration.
  • Playbook Development and SOP Enhancement: Assist in creating and refining incident response playbooks and SOPs, ensuring alignment with NIST CSF, CIS Controls, and other frameworks to bolster CTOC resilience and effectiveness.
  • Project Leadership and Autonomy: Manage moderately large projects independently, from planning to execution, ensuring timely delivery of outcomes. Operate effectively with minimal supervision, demonstrating initiative and accountability.
  • Post-Incident Review and Continuous Improvement: Lead post-incident reviews to identify lessons learned, suggest process improvements, and drive changes that enhance future response capabilities.

Why you're a fit

  • Experience: 3-5 years in information security, preferably within a 24/7 CTOC or similar environment, monitoring cloud-native infrastructure.
  • Technical Skills: Proficiency with operational security controls such as SIEM platforms, EDR, IDS/IPS, DLP, and data analysis. Experience with threat intelligence platforms and security orchestration tools preferred.
  • Knowledge Base: Comprehensive understanding of cybersecurity principles, network protocols, and regulatory compliance (e.g., PCI, FTC Safeguards). Familiarity with frameworks such as MITRE ATT&CK, CIS Controls, and NIST CSF.
  • Mentorship and Leadership Skills: Proven experience mentoring junior analysts, focusing on technical skill development and enhancing analytical thinking.
  • Certifications: GCED, GCIH, GCIA, CISSP, or equivalent certification(s) is preferred.

Nice to haves

  • Ability to communicate complex security concepts clearly to stakeholders at all levels.
  • Strong organizational skills, adaptability, and the ability to make sound decisions under pressure.
  • Demonstrated integrity, commitment to continuous improvement, and the ability to handle a wide variety of issues creatively and independently.

Education

  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent work experience.
  • This role offers the opportunity to apply advanced cybersecurity expertise, mentor junior talent, lead projects independently, and contribute to the strength and adaptability of the CTOC in a rapidly changing threat environment.


We believe that a diverse set of backgrounds and experiences helps us create the most innovative solutions for our customers. We invite you to apply to our positions even if you do not meet 100% of the qualifications listed in the description. If you’re passionate about our mission and aligned to our values, we hope you’ll come contribute to our awesome culture.

Why Avant is the place for you:

At Avant, we believe our values make a difference:

Authenticity. We show up to work as our whole selves and make sure others can too.

Collaboration. We can only succeed when we do so as a team.

Problem-Solving. The harder the problem, the more satisfying the solution.

Customer. We are all owners of the customer experience.

Initiative. Plan. Adapt. Get Sh!t Done.

We believe that great ideas come from anyone and anywhere, that everyone is an owner who drives change, and that we have more fun when we work together. We're problem solvers who love collaborating with intelligent and highly-motivated people to reshape the face of digital banking. Avant offers terrific perks and benefits, fun social events with employees who actually like hanging out together, and a flexible growth environment where trying your hand at new projects and being the active owner of your career path is encouraged and supported.

Some of our benefits include:

  • Choice of great Medical, Dental, and Vision Insurance Plan options

  • 401(k) Match

  • Unlimited Paid Time Off

  • Flexible Work Environment

  • Generous Paid Parental Leave

  • Lunch Allowance (Fooda) and In-office Snacks

  • WFH Stipends for our Remote Employees

  • Access to LinkedIn Learning for Professional Development

  • No Meeting Wednesdays - (a.k.a. planned time to Get Sh!t Done)

  • Summer Fridays

  • Fun In-Office and Virtual Social Events

  • And who doesn’t love the swag

This position may require you to be fully vaccinated against COVID-19. If required, you'll be asked to provide proof that you’re fully vaccinated upon your start date or before working in or visiting our Chicago office. You’re considered fully vaccinated two weeks after you receive the second dose of a two-dose vaccine series (e.g., Pfizer or Moderna) or two weeks after a single-dose vaccine (e.g., Johnson & Johnson/Janssen). Failure to provide proof of vaccination may result in termination. Subject to applicable law and requests for accommodation.

