Gallagher | CFC-SOC Cyber Response Analyst II | Rolling Meadows, IL | United States | BigDataKB.com | 26 Oct 2022


Job Location: Rolling Meadows, IL

Gallagher is a global leader in insurance, risk management and consulting services. We help businesses grow, communities thrive and people prosper. We live a culture defined by The Gallagher Way, our set of shared values and guiding tenets. A culture driven by our people, over 30,000 strong, serving our clients with customized solutions that will protect them and fuel their futures.

Gallagher Technology Services (GTS) provides and maintains quality, value-added core and common applications and information management solutions to enable the business strategies of Gallagher and its operating divisions.

The CFC-SOC Cyber Response Analyst II will be responsible for responding to cyber security events surfaced through cyber detection technologies, managed security service providers and other intake channels. This role will also be part of a globally enabled 24×7 cyber operations team with twin teams in the EMEA and APAC regions. The primary objective of the analyst’s day-to-day work will be to proactively detect and contain cyber-related threats as part of the CSIRT. The SOC analyst will work as a core member of the CSIRT team, which provides in-depth threat detection analysis in real time. This role will also contribute to the ongoing maturity of the Cyber Fusion Center, process and technology automation, and product improvements. In addition to these accountabilities, analysts will be responsible for creating and improving Standard Operating Procedures (SOPs) and will participate in developing Incident Response (IR) runbooks to achieve proactive response and future automation. The analyst will be involved in incident response process improvements and adversary assessments/testing, and will have the flexibility to operate in an agile workplace to try out new ideas and technologies that improve the SOC and related practice areas. In addition to contributing to a fast-paced, exciting environment, SOC personnel will also have future opportunities to rotate into different practice areas within the Cyber Fusion Center (e.g. Threat Intelligence Practice, Detection Operations).

Primary Role Objectives:

  • Performs endpoint security monitoring, security event triage, and incident response to detect and respond to advanced threats
  • Conducts event analysis using best-practice techniques and frameworks such as MITRE ATT&CK.
  • Conducts network, device and log analysis, correlating events to identify key tactics and procedures in order to contain ongoing threats and attacks.
  • Utilize data analytics, experience and associated tools to rapidly contain threats and anticipate new ones.
  • Ability to analyze, prioritize and execute on indicators of compromise (IOC) from threat intelligence / analytics tools.
  • Coordinates with other team members to effectively investigate, document and report incidents.
  • The analyst will be part of a rotating SOC shift and will need to manage their schedule accordingly so as to ensure there is coverage during SOC shifts and proper handoffs are completed with designated shift managers
  • Work with security engineering teams to validate detection effectiveness as well as identifying detection improvements
  • Maintain accurate records of security events investigated and incident response activities, utilizing case management and ticketing systems.
  • Perform regular reviews of alert tickets handled by Tier 1 MSSPs.
  • Acts as a senior-level analyst to junior analysts, providing guidance as an IR subject matter expert.
  • Monitor EDR and Security Information and Event Management (SIEM) technologies.
  • Provides recommendations for increasing detection and monitoring technologies.
  • Leads and participates in rule tuning and improvement sessions with MSSPs.
  • Provides periodic reporting of incidents to management, along with other mean-time metrics reports.
  • Ensures best-practice security procedures are applied to all IR events.
  • Manages and leads other Security Operations responsibilities, which may include, but are not limited to, documentation, advanced malware analysis, exceptions tracking, security tool management, automation tuning, detection configuration, and ad-hoc reporting/metrics.
  • Acts as a subject matter expert on related security projects, increasing automation, testing and documentation of security-related processes.

Primary Role Skillsets:

  • Intrusion detection and prevention (IDS/IPS)
  • Working understanding of network and edge protection; Firewalls/Proxies
  • Offensive and defensive Attack Methods, threat hunting
  • Security detection and monitoring technologies
  • Network analysis technologies and analysis techniques
  • System, network and cloud forensic experience
  • Endpoint Detection & Response (EDR)
  • Operating system security, including Windows, Linux and Macintosh
  • Penetration testing technologies and principles
  • Understanding of relationship between vulnerabilities, exploits and attack methods
  • Advanced understanding of the MITRE ATT&CK framework and industry kill chains
  • Attacker methods in complex, globally enabled programs
  • Application and scripting (preferred)

Role Experience Attributes:

  • BS/BA degree in Computer Science, Information Systems, related discipline or equivalent experience.
  • 3-5 years of professional work experience in the cybersecurity industry
  • The ideal candidate will have operating system experience and scripting skills such as Python. Linux/Unix skills are ideal.
  • Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plans.
  • Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats.
  • Ability to work efficiently in a matrixed global and agile team environment.
  • Certifications a plus: CISSP, SANS GIAC certifications (GCIH, GPEN, GSEC, etc.)
  • Strong written and verbal communications skills with an ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization.

U.S. Eligibility Requirements

  • Interested candidates must submit an application and resume/CV online to be considered
  • Must be 18 years of age or older
  • Must be willing to submit to a background investigation; any offer of employment is conditioned upon the successful completion of a background investigation
  • Must have unrestricted work authorization to work in the United States. For U.S. employment opportunities, Gallagher hires U.S. citizens, permanent residents, asylees, refugees, and temporary residents. Temporary residence does not include those with non-immigrant work authorization (F, J, H or L visas), such as students in practical training status. Exceptions to these requirements will be determined based on shortage of qualified candidates with a particular skill. Gallagher will require proof of work authorization
  • Must be willing to execute Gallagher’s Employee Agreement, or the Non-Disclosure and Confidentiality Agreement, which requires, among other things, post-employment obligations relating to non-solicitation, confidentiality and non-disclosure

Gallagher believes that all persons are entitled to equal employment opportunity and does not discriminate against nor favor any applicant because of race, color, religion, sex, age, veteran status, disability, national origin, or any other legally protected status. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified applicant with a disability, unless the accommodation would impose an undue hardship on the operation of our business.

#LI-JK1
