Senior Cyber Security Analyst

Role Summary

The Senior Cyber Security Analyst for Incident Response will work in an environment where challenging technical and security issues in a dynamic operational environment will test knowledge, skills and abilities as they relate to incident response, forensics and cyber threat hunting. The Senior Cyber Security Analyst for Incident Response will: use data collected from cyber defense tools to analyze events for the purposes of finding and mitigating threats; Investigate, analyze, and respond to cyber incidents; Evaluate security controls against the current threat landscape and organizational architecture and provide recommendations for enhancement ; Cultivate an active partnership with Enterprise Architecture, Technology Platform and Application Owners as they are accountable for the secure design, configuration, and operation of their environments.

Responsibilities

• Accountable for all aspects of the cyber security analysis process for their work

• You will contribute to the development of and improvement in cyber security standard methodologies within your group

• Leads analysis and actively participates in providing feedback on team members’ work

• Ability to lead a team on cyber analysis or incident response

• Ability to break down complex or vague problems and steps through them in a rational way

• Flexible in his or her thinking; able to evolve a solution when additional information or ideas are presented

• Decisions and recommendations distinguish between near term mitigation and required future investments

• Identifies when junior resources need help and provides mentoring in a positive way that promotes confidence

• You will help team members/make suggestions to improve practices

• On-call rotation 1 week per month, with one weekend on call, every seven weeks

• Other duties as assigned

Business Knowledge

• Can articulate cyber security risk and translate into practical solutions to technology teams

• Thorough knowledge of the cyber analysis program associated objectives

Qualifications

Required:

• Typically, 4+ years of relevant experience

• Up to date with relevant cyber security threats and counter measures

• Shows a commitment to quality by implementing suitable solutions

• Leads work reviews and actively participates in providing feedback on others’ work

• Performs as an expert in one or more cyber security programs.

• Hard drive forensics experience preferably using ENCASE

• Deep understanding of TCP/IP, OSI model and component and systems dependencies concepts.

• Deep understanding of incident response processes and procedures

• Utilizes Cyber Threat Intelligence and Cyber Security Awareness concepts to influence work

• In depth understanding of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems

• Knowledgeable with various security infrastructure tools such as firewalls, intrusion prevention/detection systems, proxy servers, email controls, anonymizing technology, and SIEM

• Knowledgeable in Cyber risk management frameworks knowledge, web application technologies, and network and systems forensics

• Ability to investigate and analyze malicious code

• Ability to work as part of a team, show initiative and take on new tasks as assigned

• Ability to perform risk analysis and communicate that risk to others

• General understanding of AWS, Azure and/or Google Cloud

Preferred:

• Experience in a 24x7 global enterprise, preferably in the Financial industry

• SANS GIAC certifications (such as GREM, GCIH, GCFA)

• In-depth knowledge of malware analysis tools

• Scripting experience, preferably Python and/or Powershell

• Splunk knowledge

• General system administration

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.