Cybersecurity Operations Specialist

Buffalo, NY, United States

M&T Bank

With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services.


This role offers a hybrid work schedule, with the flexibility to work remotely two days a week and the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

Overview:  

Ensures the integrity and resilience of the organization's security and information systems through the identification and investigation of potential threats using complex analysis on Cybersecurity monitoring tools and responds to confirmed security threats.

Primary Responsibilities:

    · Characterize and analyze complex network traffic using analysis techniques such as contextual analysis, anomaly detection, and network traffic analysis, to identify anomalous activity and potential threats to network resources and provide proactive recommendations to maintain or improve security posture.

    · Complete dynamic malware, threat, and log analysis in coordination with past incident analysis data and/or current or emerging threat analysis and provide recommended remediation efforts.

    · Identify opportunities for tuning and development of rules, alerts, and correlation logic for security systems and tools to share with security engineering that will strengthen the security of the organization.

    · Immediately partner with incident response team when identifying suspected imminent or hostile intentions or activities that could impact the organization's objectives, resources, or capabilities.

    · Maintains comprehensive documentation and logs of security threats, analysis, responses, and procedures in incident tracking and solution database that can be utilized to debrief senior Cybersecurity leadership.

    · Assist in development of technical documents, incident reports, findings and use cases from intrusion artifacts, log summaries and other discovered data to the team and team leader(s).

    · Collaborate with cybersecurity teams and governance team to regularly review and refine policies and procedures, utilizing insight from internal incident data and emerging threats.

    · Actively engage in cross-functional collaboration with manager, specialists, and incident response team to review and determine next steps for identified potential threat and suspected incidents.

    · Actively seeks out opportunities for professional growth and utilizes emerging threat trends to inform recommendations for new security practices, tools, and techniques.

    · Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

    · Perform QA-related activities for CSOC analysts to monitor accuracy, completeness, and adherence to established workflows and procedures.

    · Maintains comprehensive documentation on training efforts and works to further CSOC maturity by conducting onboarding training, as well as other various training programs to foster a continuous improvement environment.

    · Promote an environment that supports diversity and reflects the M&T Bank brand.

    · Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

    · Complete other related duties as assigned.

Scope of Responsibilities:

  • Partners with manager, peers, and incident response team.
  • Leverages Standard Operation Procedures to perform advanced analysis of security events. Work is reviewed for accuracy and overall quality.
  • Intermediate knowledge of all networks, user, and end-point monitoring tools.
  • Advanced understanding of multiple network, user, or end-point monitoring tools.
  • Train analyst to intermediate level knowledge of network, user, and end-point monitoring tools.
  • Second highest individual contributor escalation point in team.

Education and Experience Required:

· Partners with manager, peers, and incident response team.

· Leverages Standard Operation Procedures to perform advanced analysis of security events. Work is reviewed for accuracy and overall quality.

· Intermediate knowledge of all networks, user, and end-point monitoring tools.

· Advanced understanding of multiple network, user, or end-point monitoring tools.

· Train analyst to intermediate level knowledge of network, user, and end-point monitoring tools.

· Second highest individual contributor escalation point in team.

Education and Experience Preferred:

    · Intermediate Cybersecurity certifications (e.g., CySA+, CEH)

    · Prior experience working in a highly regulated industry (e.g., finance, healthcare, government)

    · Intermediate knowledge of digital evidence preservation concepts

    · Basic understanding of security orchestration, automation, and response

    · Intermediate proficiency with security information and event management tools

    · Intermediate ability to use anti-virus software and endpoint detection and response tools.

    · Advanced ability to use open-source intelligence concepts.

    · Basic ability to use network packet analyzers.

    · Basic knowledge of threat intelligence concepts

    · Intermediate ability to collect artifacts and document incidents.

    · Basic knowledge of scripting languages

    · Intermediate ability to logically identify and analyze protection opportunities in data loss prevention and cloud access security broker tools.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $79,157.68 - $131,929.47 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location: Buffalo, New York, United States of America

Tags: Automation CASB CEH Cloud CSOC EDR Finance Governance Incident response Log analysis Malware Monitoring Scripting SOAR Threat intelligence

Perks/benefits: Career development Competitive pay Team events

Region: North America
Country: United States
