Senior Cybersecurity Specialist
Western & Southern Life

Cincinnati, Ohio

Posted in Insurance


This job has expired.


Overview

Summary of Responsibilities:

Serves as the technical subject matter expert and lead analyst in incident investigations. Ingests and analyzes threat intelligence received from a wide variety of sources, distilling the important facts applicable to Western & Southern (W&S), then integrates that intelligence into our protection, detection and response capabilities. Investigates the most complex incidents, working with external partners as the technical expert if necessary. Expected to work incident investigations toward complete resolution including identification of "patient zero," root cause analysis, attribution and identification of mitigation techniques to protect the network against similar attacks. Mentors junior cyber associates to develop capabilities in incident investigation and analysis techniques, and threat intelligence analysis and integration.

Responsibilities

Position Responsibilities:

  • Serves as subject matter expert for the Cyber Security Operations Center (CSOC) team on investigations, and threat intelligence analysis and integration.
  • Functions as the technical team lead for incident analysis and response for escalated incidents. Assists and mentors junior cyber associates on triage and tier 2 incident investigations as needed. Coordinates investigation and response activities with other cyber associates and members of IT as appropriate. Communicates with CSOC Manager on investigation status and details in a timely manner based on incident severity level.
  • Serves as the lead technical interface with external incident responders or forensic investigators in the event of a major incident.
  • Reviews processes and procedures related to continuous monitoring, triage, incident analysis and incident response activities. Consults with other team members to continuously improve those processes and procedures, and ensures that the documentation is adjusted accordingly when new tools or external inputs change.
  • Mentors and trains junior associates on proper investigation techniques, documentation requirements and evidence handling. Serves as a subject matter expert to those associates. Consults with managed security service provider (MSSP) analysts when complicated technical questions arise, assisting junior cyber associates and consulting with CSOC management for guidance as needed.
  • Investigates incidents that are escalated per procedure with minimal supervision or direction. Communicates with customers as appropriate, keeping CSOC management informed per incident severity requirements. Follows applicable processes and procedures while maintaining the flexibility to "think outside the box" during the investigation in order to find all affected systems, including "patient zero"; performs root cause analysis; determines attribution if appropriate; completes documentation; and participates in lessons learned post-mortems. For high severity incidents, functions as lead technical member of the incident team.
  • Communicates with CSOC management, cyber and information security staff members, and customers in written and verbal communication regarding investigations and status updates. Maintains need-to-know discretion for all investigations.
  • Evaluates rule creation, system tuning, rule tuning, and threat intelligence integration in order to determine the appropriateness and effectiveness of those detection rules. Consults with junior cyber associates to choose the best indicators for accurate detection, minimizing false positives. Consults with the Cyber Security Engineer on the best method(s) for detection of indicators of compromise.
  • Interfaces regularly with the Cyber Security Engineer to test and improve custom tools, suggesting features and improvements in order to increase efficiency and productivity. During investigations, communicates with the engineer in order to quickly gather the information needed in the most efficient manner possible, giving constant constructive feedback on custom tools provided in that process. Works with the engineer to suggest and evaluate new tools and methods based on the current threat landscape to address risk exposure.
  • Applies analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits to produce integrated threat and technical intelligence products (written and verbal), providing situational awareness leading to actionable intelligence regarding cyber threats of relevance to our business environment and industry. Communicates both quantifiable and qualitative cyber risk to the enterprise to cyber team members and management through operational briefings and threat intelligence reports.
  • Conducts research in threat intelligence sources identifying the threats that are applicable to W&S. Integrates that actionable intelligence into security tools to improve prevention, detection and response. Identifies and vets potential new sources of reliable intelligence information. Participates in threat intelligence activities and groups that share actionable intelligence and investigation methods.
  • Performs knowledge sharing with cyber team members through meetings, presentations and written communications. Reviews documentation of incident response processes and procedures in the central knowledge base.
  • Participates in after incident lessons learned meetings to give input on recommendations for process or procedure improvements and to provide mitigation recommendations to reduce future incidents or minimize their impact.
  • Tracks performance metrics and provides timely updates to CSOC management.
  • Provides potential on-call support during nights and weekends.
  • Performs other duties as assigned by management.

Qualifications

Selection Criteria:
  • Demonstrated experience in threat detection technologies, including intrusion detection and prevention systems (IDS/IPS), security information and event management (SIEM) technology, and network packet analyzers. Experience with data analytics, endpoint protection, malware analysis and forensics tools is highly desired.
  • Proven SIEM utilization skills, including the ability to review and analyze security events from various monitoring and logging sources to identify or confirm suspicious activity.
  • Demonstrated experience in incident analysis and response activities, including execution of response and analysis plans, processes and procedures, and performing root cause analysis. Experience in a SOC environment is preferred.
  • Proven ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity.
  • Demonstrated knowledge of current security trends, threats and techniques. Demonstrated self-driven desire to continually learn and grow in knowledge related to the constantly evolving threat landscape.
  • Proven experience in threat intelligence gathering, creation and fusion activities.
  • Demonstrated experience evaluating, analyzing and communicating relevant threat information to a variety of audiences ranging from technical personnel to senior management.
  • Proven experience on both Linux-based and MS Windows-based system platforms with a strong IT technical understanding and aptitude for analytical problem-solving.
  • Demonstrated strong understanding of Enterprise, network, system and application level security issues.
  • Proven understanding of the current vulnerabilities, response and mitigation strategies used in cyber security.
  • Demonstrated strong team player - collaborates well with others to solve problems and actively incorporates input from various sources. Proven experience leading and motivating team members toward excellence and project completion.
  • Proven customer focus - evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
  • Demonstrated analytical skills - continuously defines problems, collects or interprets data, establishes facts, anticipates obstacles, and develops plans to resolve them. Strong problem-solving skills; communicates in a clear and succinct manner and effectively evaluates information/data to make decisions.
  • Proven inherent passion for information security and service excellence.
  • Demonstrated excellent verbal and written communication skills; frequently expresses, exchanges or prepares accurate information, conveying it to internal and external customers in a clear, focused and concise manner. Continuously conforms to proper rules of punctuation, grammar, diction and style.
  • Proven self-starter with strong internal motivation. Proven ability to work with little supervision or direction.
  • Demonstrated ability to work under multiple deadlines with minimal supervision. Cite examples of successfully organizing and effectively completing projects where given little or no direction.
  • Continuously performs an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Visual acuity is required to determine accuracy, neatness, and thoroughness of work assigned. Ability to occasionally make repetitive motions of the wrists, hands and/or fingers.
Work Setting:
  • This position works in an office setting and may frequently remain in a stationary position for periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
  • Occasionally moves about to accomplish tasks, particularly moving from one work station to another.
Educational Requirements:
  • Bachelor's degree in Information Assurance, Information Systems, Computer Science, IT, or commensurate selection criteria experience.
  • Minimum eight years of technical experience in the information security field, including four or more years of incident response, threat analysis, and/or security operations center experience.
Computer Skills and Knowledge of Hardware & Software Required:
  • Linux-based and MS Windows-based system platforms.
  • Expert understanding of enterprise, network, system and application level security issues.
  • Expert understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks.
  • Fundamental or greater understanding of encryption technologies.
  • Basic to advanced experience with one or more scripting languages (examples: Python, Perl, Java, or Ruby).
  • Knowledge of Identity & Access Management practices, systems and controls.
  • Experience with security tools including but not limited to IDS (Snort or Suricata preferred), IPS, data analytics software, SIEM solutions (QRadar preferred), web application firewall (WAF), malware analysis, knowledge base platforms, and live response/forensics tools.
Certifications & Licenses (i.e., Series 6 & 63, CPA, etc.):
  • Candidate expected to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), GIAC certifications (GCIH or GCIA, for example), Certified Ethical Hacker (CEH).
Position Demands:
  • Extended hours required during peak workloads or special projects and off-hour support.
  • Occasional travel may be required.