
  • Incident Response Engineer - Insider Analytics

    Zions Bancorporation

    The Incident Response Engineer - Insider Analytics individual will act as key contributor to the CSOC strategy and technical approach to cybersecurity incident response, including tool/vendor selection and process optimization focused on the design, implementation and monitoring of insider threat detection.

Description

Are you passionate about information security?

Do you enjoy solving puzzles, addressing complex problems, working in a fast-paced environment, and guiding others in the finer points of cybersecurity incident response?

If so, we’d love to hear from you!

Zions Bancorporation is seeking a motivated, collaborative, experienced Incident Response Engineer specialized in Insider Threat Analytics to join our team of dedicated cybersecurity operations professionals! The Zions Cybersecurity Operations Center (CSOC) is responsible for primary cybersecurity incident response, forensics, and cyber resiliency. We work with the latest tools and methods, as well as partners across the rest of the security division, IT, and the cybersecurity industry, but we also know how to roll up our sleeves with some old-fashioned detective work when needed.

Your Responsibilities:
-Act as senior, key contributor to the CSOC strategy and technical approach to cybersecurity incident response, including tool/vendor selection and process optimization focused on the design, implementation and monitoring of insider threat detection.
-Conduct analysis and assessments of threats related to insider behavior.
-Track and report insider-specific information and metrics
-Analyze anomalous behavior for security impacts
-Assist in building processes, procedures and training for the Insider Threat program
-Document findings for consumption by both technical and non-technical stakeholders
-Assist in communication of risks and impacts associated with insider threat
-Ability to correlate data from multiple sources to detect anomalous behavior
-Respond to cybersecurity incidents, especially as an escalation point for high-priority or highly complex incidents
-Act as subject matter expert in multiple security tools and processes such as SIEM, IDS, EDR, DLP, and similar
-Develop and implement monitoring use cases, incident response procedures, playbooks and other technical documentation
-Collaborate with Cybersecurity Architecture and IT in monitoring and alerting infrastructure, processes and tools
-Train, mentor and guide other team members (across both the CSOC and other Information Security departments) on incident response practices, tooling and capabilities


Qualifications

-6+ years of progressive technical experience in one or more technical cybersecurity domains, with at least 5+ years of that time in an incident response role focused on insider threat detection and response.
-Strong communication skills required to work closely with cross-functional teams to build and manage an insider threat process.
-Experience with User and Entity Behavior Analytics
-Experience with Data Loss Prevention (DLP) security controls
-Familiarity with risk scoring and threat analysis tools
-Experience writing, testing and deploying user activity monitoring (UAM)
-Hands-on technical experience with one or more commercial SIEM products such as Splunk Enterprise Security, QRadar, LogRhythm, ArcSight, NetWitness, etc., which should include familiarity with defining and writing alert conditions/use cases in addition to daily use for investigating incidents
-Very strong interpersonal and written communication skills, including the ability to produce technical documentation, standard operating procedures, and incident response playbooks
-Deep technical familiarity with networking concepts, architectures and tools, including network traffic analysis, proxies, functionality of network switches, load balancers, routers and firewalls
-Advanced working knowledge of common attack vectors, different classes of attacks (e.g., passive, active, insider, close-in, distributed, etc.) and general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
-Advanced knowledge of system administration concepts for UNIX/Linux and Windows operating systems
-Development experience with scripting languages such as R, HIVE, Python, JavaScript, etc., is a plus
-Experience with threat hunting methods and approaches is a plus
-Experience conducting forensics investigations is a plus
-Technical certifications such as GNFA, CISSP are a plus
-Requires a Bachelor's in Information Technology, Computer Science, Business or a related technical field. A combination of education and experience may meet qualifications.


Details

  • Travel: No travel
  • Incentives: Not provided
  • Clearance & Citizenship: No requirements
  • Remote Work: No remote work
  • Education: No requirements
  • Salary Range: Not provided
