Location: Richardson, TX; Chicago, IL
Job Type: Permanent
This position is responsible for researching, developing, deploying, and maintaining advanced security analytics capabilities and processes which support the following information security processes: security event analysis, security data visualization, privileged user monitoring, and advanced threat hunting; initializing and developing multiple cognitive systems in support of a comprehensive learning artificial intelligence network; and transforming leadership's security and process requirements into technical solutions which assist in real-time detection and historical analysis of previously unknown and undocumented indicators of threat.
- A curious and investigative mindset that is excited about working on new puzzles and challenges in a collaborative and matrixed cyber defense team.
- Develop, shape, and drive security analytic processes and deliverables in support of a 24x7 cyber defense operations team charged with defending a large enterprise.
- Ability to collaborate with internal customers, experts, and other members of the analytics team to extract and refine requirements and then develop data-driven products that support the detective and investigative mission of the collective team.
- This position requires an inquisitive mind and ability to explore a variety of data sets with the goal of identifying security relevant anomalies and behaviors. This position requires the candidate to apply their data analytics expertise to different data sets with a perspective informed by threat hunting and other experts.
- The role requires the analyst to explore new attacker techniques, technologies, and research to detect behaviors that may be indicative of an active security threat or risk.
- Develop, assist, and coach junior cyber defense staff with skill development, techniques, and approaches for efficient data collection, data exploration, and data analysis across various cyber defense technologies.
- Ability to review threat intelligence and security incident reports to identify detection and investigative analysis development opportunities.
- Individuals that understand they must drive the creation of new capabilities and know when to be self-reliant and when to work as a team will be best suited for this role.
- Ability to apply DevSecOps principles to the security analytics program.
Required Job Qualifications:
- Bachelor's degree and 10 years of experience in Information Security, or 14 years of experience in Information Security.
- 2 years of experience specializing in big data architecture or data analytics.
- 2 years of experience in designing, developing, building, and deploying high-volume data integration solutions.
- Extensive knowledge of physical, virtual and cloud architectures, operating systems, databases, data structures and data models. Individual must be capable of initializing and developing multiple cognitive systems in support of a comprehensive learning artificial intelligence network.
- Big data and log indexing technologies
- Common security technologies (endpoint protection and response tools, Firewalls, IDS, WAF, proxy systems, etc.)
- Knowledge of the cyber kill chain, MITRE ATT&CK framework, and common cybersecurity threat scenarios
- NIST or SANS Incident Response Processes and operations
- Experience using log analysis and security tooling to triage and process large enterprise
- Ability to consult, advise, and direct the work of operational teams that support the analytic technologies they are working with.
- Familiarity with security orchestration and response ideas
- Aware of response & investigation playbook creation
- Oral & written communications.
- Teamwork and collaboration skills
- Analytical and problem-solving skills.
- Customer focus and the ability to manage customer expectations.
Preferred Job Qualifications:
- The ability to apply analytics to defensive operations. Ideally someone with defensive security experience who has a strong aptitude for data analytics.