Sr. Information Security Analyst - Security Operations, Incident Response and Threat Hunt/Detection
The Sr. Information Security Analyst role is responsible for monitoring and responding to events and alerts from a variety of sources including malware, phishing, and network traffic.
Primary duties and responsibilities include:
- Monitor and respond to events and alerts from a variety of sources including malware, phishing, and network traffic.
- Help evolve the Information Security threat detection program by driving best practice improvements to identify and remediate risks.
- Actively hunt for threats and risks in a variety of logs and data.
- Utilize available logging data to identify security anomalies (and to transform business logic into security alerts).
- Provide metrics on active threats facing the enterprise.
- Respond to and investigate events and incidents, make determinations on their impact, and provide sound technical resolutions.
- Mentor and provide guidance to help develop junior analysts.
- Provide support for maintenance and upkeep of security preventative and detective tools such as Trend Micro Endpoint Security, Deep Security, Splunk, and Nessus.
- Problem-solve, prioritize, troubleshoot, and work through day-to-day activities, knowing when to escalate vs. self-solve, while building and maintaining productive business relationships.
- Help drive the onboarding of applications and systems to centralized logging solutions such as Splunk.
- Work closely with other Information Security team members and IT teams as well as develop relationships with both internal and external business partners and relevant operational teams to gather data and insights leading to holistic security risk
- Perform security scans of Sleep Number applications, infrastructure, and other systems, including Cloud deployments.
- Work with IT and business teams to drive security awareness, policy compliance, and vulnerability remediation in the enterprise.
- Maintain awareness on the latest security news and threat feeds.
- 3-5 years of experience within large-scale security operations and incident response programs with at least 3 years of direct experience in Incident Response/Incident Handling including incidents that involve a cross-functional response team of partners across an enterprise (legal, IT, internal audit, etc.) and experience conducting post-mortem conversations and documenting improvements.
- 4-6 years of Information Technology and/or Information Security experience
- Demonstrated knowledge of a broad range of technical concepts including logical access control, endpoint security, cloud security, network security, data analytics, and incident handling
- Strong organizational skills with the ability to thrive in a sense-of-urgency environment, navigate ambiguity, confidently operate independently leveraging best practices, and approach any problem as a team player with a can-do attitude.
- Strong written and verbal communication skills, ability to interface with all levels of business and executive leadership.
- Familiarity with enterprise Security Information and Event Management (SIEM) solutions such as Splunk, Sumo Logic or equivalents.
- Familiarity with information security management system standards and frameworks (ISO 27001, NIST CSF), information technology regulatory and compliance requirements, and industry best practices.
- Bachelor of Science and/or Master’s in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training
- At least one industry-recognized certification: CISSP, GSEC, CEH, GCIH, CySA+, Security+, etc.
- Non-CISSP-certified candidates would be expected to pursue CISSP certification as part of developmental expectations within 18 months of start date
- 2 years proactive threat hunting experience.
- Experience with Windows, Mac, and Linux operating systems, both clients and servers.
- Experience in Retail and/or eCommerce.
- Experience with Splunk, developing searches, dashboards, reports, and onboarding new data.
- Experience in digital forensics, investigations, malware analysis, and handling of sensitive data.
- Understanding of network protocols and experience creating firewall rules and IDS/IPS signatures (Cisco ASA & NGFW, Snort/Sourcefire).
- Experience with DLP solutions.
- Familiarity with cloud security controls in a cloud environment (e.g., AWS, Azure, Rackspace)
- Strong oral and written communication skills required, including a natural ability to tailor communication to various audiences.
- Must be a creative problem solver, flexible, proactive, and able to work in a fast-paced, ever-changing environment.
- Some scripting knowledge (bash, PowerShell, python, etc.)
- Intermittent weekend and evening work may be required for production or operational support, during implementations and to meet project deadlines
- Ability to travel up to 10%