Associate - Cyber Security Operations

Cyber Security Operations Specialist - IN

The Cyber Security Operations Specialist - IN communicates, implements, enforces and monitors the organization's security controls to protect technology assets from intentional or inadvertent modification, disclosure or destruction. Under limited supervision, this job works independently to manage and monitor the organization's IT systems and networks to ensure the security and safety of the organization's information. This job monitors all networks and systems within the organization to identify and deter potential threats. This job also helps analyze data to protect and maintain the overall information technology (IT) security of the organization. The Specialist identifies potential data leaks and determines if an incident constitutes a violation of policies and standards.

Key Responsibilities and Duties
- Designs, tests and implements secure operating systems, networks and databases for the organization.
- Performs complex risk assessments and executes tests of data processing system to ensure functioning of data processing activities and security measures.
- Reviews system access logs, ensuring only permitted individuals have access to company information.
- Monitors use of data files and regulates access to safeguard information in computer files.
- Monitors current reports of computer viruses to determine when to update virus protection systems.

Educational Requirements
- University (Degree) Preferred

Work Experience
- 3+ Years Required; 5+ Years Preferred

Career Level

7IC

Information Security Incident Response Specialist

Role Summary:
The TIAA Detection & Response Team is seeking an experienced Information Security Incident Response Specialist to participate in the day-to-day operations of its Information Security Operations Detection team. The incumbent will be responsible for analyzing security events, investigating potentially compromised endpoints, and driving security incidents to resolution. In addition, the incumbent will be responsible for proactively hunting and analyzing unidentified threats in the environment. Other duties will consist of operationalizing new - and tuning existing - security alerts and use cases, assisting in developing and training junior staff, and working with business partners to identify and close gaps in visibility.

**Responsibilities**:

- Perform deep-dive incident analysis by correlating data from various sources and determine if a critical system or data set is affected
- Minimize the dwell time of threat actors by monitoring, triaging, and responding to security events;
- Maintain thorough documentation in the case management system;
- Coordinating investigation and remediation of security incidents.
- Actively hunting for and analyzing previously-unidentified threats in the environment, with little-to-no direction;
- Documenting indicators and other TTPs in order to detect the identified threat actor activity.
- Develop and maintain standard operating procedures, use cases, and other documentation to reflect day-to-day security operations.
- Train, mentor, and assist in the development other security analysts within the Detection & Response Team.
- Provide 24/7 emergency response support in the event of security related incidents.
- Gather, develop, and deploy requirements both functional and technical in nature as defined by customers, stakeholders, and control owners.
- Participate in disaster recovery and on-call schedules as necessary.
- Build and maintain operation and configuration documentation including diagrams and flow charts.

**Required Skills**:

- 10+ years information Cyber security experience.
- Experience handling security incidents, to include reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs).
- Experience on a Cyber Security Operations team performing Tier II/III initial incident triage.

Desired Skills:

- 10+ years of in-depth analysis and incident response experience in On-premised, AWS and Azure.
- Bachelor's degree in computer science, information technology, or related field.
- Experience creating new security alerts, reports, or other monitoring capabilities.
- Experience with performing malware analysis (static properties and dynamic) and reverse engineering.
- Previous experience in other information security roles, such as penetration testing, vulnerability management, threat intelligence, content development, or risk management.
- Experience with enterprise information security data management tools preferred
- Industry-recognized information security certifications, i.e. CISSP, C|EH, GCIH, CASP, etc.
- Solid experience in scripting languages such as (or similar to) Python, PERL, and Ruby is a plus
- Proficiency with RSA Archer
- Experience with industry standard frameworks
- Experience with YARA, regex, or other host/network-based signature development
- Passionate about identifying malicious attackers, and understanding attack