Senior Cyber Security Analyst
- Feb 08, 2023 Post Date
- Manage security incidents from multiple sources including privacy, vulnerabilities, phishing, malware, ransomware, and forensic investigations
- Analyze technical data (logs, configurations, etc.) from a multitude of sources (SIEM systems, firewalls, web servers, and Linux/Windows devices) to understand the source/impact of security events
- Investigate/analyze large and unstructured data sets, malicious artifacts, and EDR tools to identify trends and anomalies indicative of potential threats
- Liaise with stakeholders and internal teams to serve as a Cyber Security Champion to help implement best security practices and mature the Security Incident Response process to meet the needs of the business
- Liaise with IT teams during investigations and post-incident to implement remediation measures
- Collaborate with legal, human resources, and other business units to lead internal security investigations
- Provide technical subject matter expertise to mitigate risk to impacted parties throughout an incident
- Facilitate incident meetings involving technical, business, compliance, and legal teams
- Conduct technical analysis in support of fraud and other corporate internal investigations
- Track follow-up documentation related to an incident, including Root Cause Analyses (RCAs), Lessons Learned, and Incident Remediation Plans throughout the incident lifecycle until closure
- Lead the creation of After Action Reports based on Lessons Learned from critical cybersecurity incidents
- Manage incident response metrics for senior management at the business and corporate level
- Produce high quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management and customers
- Ability to prioritize and balance multiple incidents as well as adjust to shifting priorities
- Develop and maintain standard operating procedures, incident response plan, playbooks
- Maintain on-call duties
- 8+ years of overall related experience, including 5+ years of cybersecurity Incident Response and SOC experience
- Experience with SIEM platforms such as Splunk: writing searches, creating dashboards, and performing forensics
- Experience with Endpoint detection and prevention suites (Symantec, Splunk, CrowdStrike, etc.): performing forensics, securing devices, and collecting evidence
- Experience with security and incident tools within Azure
- Exceptional ability to conduct cybersecurity investigations, analyze and distill relevant findings and determine root cause
- Strong knowledge of security and web technologies such as SIEM, full packet capture, Firewall/NGFW, IDS/IPS, EDR, DLP, UEBA, networking protocols, Microsoft Windows and Linux/Unix platforms and tools with related experience in corporate infrastructures
- Excellent knowledge of industry-standard frameworks (such as MITRE ATT&CK)
- Strong technical experience and familiarity with various types and techniques of cyber-attacks, and with the incident response and threat hunting lifecycles
- Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols
- Understanding of and experience with common Internet services/protocols, such as IP, TCP, UDP, HTTP, TLS, SMTP
- Excellent analytical ability, consultative and communication skills, strong judgment, and discretion in high pressure environments
- Strong verbal and written communication skills with ability to tailor message to various audiences (technical, operations, leadership, client)
- Must be highly skilled and proficient in problem solving, with an aptitude and willingness to learn new technologies
- Self-motivated with the ability to manage and prioritize multiple deliverables
- Bachelor’s degree, ideally in Computer Science, Security, Engineering, or a related field
- Industry-recognized certifications such as GCIH, CISSP, GCFA, or GCFE are a plus
- Experience with scripting (PowerShell, bash, etc.) is a plus
- Experience with host-centric tools for forensic collection and analysis (Encase, FTK, etc.) is a plus
- Digital Forensics and Incident Response (DFIR) experience and certification are desirable; DFIR experience in cloud environments is a plus
- Understanding of APT, Cyber Crime and other associated tactics is a plus
- An interest in reverse engineering, red-teaming, penetration testing, and competing in Capture the Flag (CTF) events is a plus
- Open to remote locations
Lockton Companies, LLC is an equal opportunity employer. As a privately held company, we offer a competitive compensation and benefits package reflecting our commitment to attracting and retaining great individuals. This includes health and dental coverage, which begins on your first day of work, 401(k) with match and immediate vesting, a competitive vacation plan and unrivaled career advancement opportunities.
Lockton is known throughout the insurance industry as an entrepreneurial, progressive and successful insurance broker. As a result of continued individual and group accomplishments, Lockton has a record of steady and substantial growth. If you are a committed professional with a passion for delivering unparalleled service, Lockton is interested in hearing from you.
**NO AGENCIES PLEASE** Any Employment Agency, person or entity that submits an unsolicited resume to this site does so with the understanding that the applicant's resume will become the property of Lockton Companies, Inc. Lockton Companies will have the right to hire that applicant at its discretion and without any fee owed to the submitting Employment Agency, person or entity. Employment Agencies, who have fee Agreements with Lockton Companies must submit applicants to the designated Lockton Companies Employment Coordinator to be eligible for placement fees.