Skills
Required
security
data
risk
support
controls
vision
schedule
triage
leadership
remediation
escalation
analyze
drive
analysis
workflow
tcp
ip
networking
writing
presentation
network
osint
unix
scripting
python
perl
powershell
coding
development
management
monitoring
correlation
splunk
orchestration
certifications
owasp
Job
Description
The Security Response Team (SRT) is part of the Cyber Data Risk and Resilience division and manages the incident response capability to support day-to-day cross-enterprise event investigations and strategic input into security controls and countermeasures to proactively create better security for the Firm. The group's vision is to deliver programs that protect and enable the business, ensure secure delivery of services to clients, adjust to address the risks presented by an evolving threat landscape, and meet regulatory expectations. Primary Responsibilities (Important) Holiday and weekend shifts are mandatory. Schedule to be adjusted during the week to accommodate this requirement. – This is very important. Only send profiles of interested candidates. Monitor and triage security events. Investigate cyber security incidents and threats. Interact with stakeholders and leadership teams as part of the response and remediation efforts. Improve the detection, escalation, containment, and resolution of incidents. Enhance existing incident response methods, tools, and processes. Maintain knowledge of technologies and the threat landscape. During non-core business hours support emergency, critical, or large-scale incidents as required. Qualifications: Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers. This role requires a detail oriented, critical thinker who can anticipate issues, and solve problems. Candidates should be able to analyze large datasets to detect underlying patterns and drive to a root cause analysis. Required Skills: Understand the end-to-end workflow of a threat across multiple technologies. Think like an adversary. Sound understanding of TCP/IP and networking concepts, security alerts, and incidents. Excellent writing and presentation skills are required to communicate findings and recommendations. Experience with investigating common types of attacks, network packet analysis, log analysis, and reviewing security events. Experience applying Open-Source Intelligence (OSINT) techniques in support of investigations. Knowledge of Windows processes and Active Directory. Able to work on extended working hours during incidents. Desired skills: 2 to 5 years experiences (or equivalent) with Security Analysis and Incident Response (i.e., working in SOC/CIRT/CSIRT/CERT). Subject matter expert in one or more areas such as Windows, Unix, firewalls, intrusion detection, network- and host-based forensics. Scripting (Python, BASH, Perl, or PowerShell), coding, or other development experience. In-depth knowledge of security event management, network security monitoring, log collection, and correlation. Splunk usage or administration experience. Security Orchestration and Automated Response (SOAR) experience. Industry certifications: GCIH, GNFA, GREM, or other related certifications. Financial industry experience. Foundational Cloud Security knowledge. OWASP Top 10 Knowledge. Show more Show less
