Listing Description

Bungie is searching for an experienced Security Analyst and Security Systems Administrator. You will be administering the security stack, investigating anomalous signals, triaging incidents, and improving our detection & prevention capabilities. Bungie's IT Administration team is a small group whose day-to day duties and challenges are varied, from supporting creative staff with high end applications to securing systems, network and technical infrastructure. Ideally, you have strong troubleshooting skills, a team oriented attitude, exceptional customer service skills, and an interest in expanding your technical breadth. As we often tread the cutting edge on new technology adoption, adaptability and a strong desire to research, investigate, and roll out new technologies is a must.

RESPONSIBILITIES

• Security Analysts are responsible for data management, analyzing events & alerts, identifying problems or areas potential concern, and developing recommendations that support Cybersecurity & InfoSec initiatives


• Collaborates with cross functional teams to collect, analyze data, presents results and provides recommendations


• Proactively research and identify network and system vulnerabilities providing recommended countermeasures or mitigating controls to reduce risk to an acceptable and manageable level


• Review results of vulnerability reports to help determine the severity of findings and ensure timely remediation


• Assist with assessing and mitigating risk associated with latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation, and Cloud security evaluations


• Assist with ongoing security research against various products and infrastructure, apply that knowledge to security testing


• Ability to perform the necessary threat research on enterprise systems/tools/technologies and convert that information into tooling that can be utilized both defensively & offensively


• Strong analytical skills and attention to detail


• Strong written and verbal communication skills with the ability to interact with technical teams and key client stakeholders


• Convey technical security concepts to technical and non-technical audiences


• Assist with the establishment of necessary policies and controls to secure the environment

REQUIRED SKILLS

• Knowledge of Windows, Linux, Unix, or any other major operating systems


• Solid understanding of threat, vulnerability, and risk models


• Experience in administration and operational support of NGAV & EDR solutions


• Foundational understanding of information technology and information security practices, including the areas of application security, policy development, security related research, physical security, systems integrity, and disaster recovery


• Experience with endpoint and system configuration hardening based on compliance requirements and best practices


• Strong foundational knowledge of network-based protocols such as TCP/IP, HTTP, HTTPS, DNS


• Familiarity of investigating, documenting, and reporting security incidents


• Willingness to learn to evaluate security vulnerabilities, develop mitigation strategies, and implement remediation


• Understanding of OWASP Top 10, CVSS, common classes of product security vulnerabilities, and attack/defense methodologies


• Understanding of network security and popular attack vectors


• Desire to learn and grow in the identity and security space

NICE-TO-HAVE SKILLS

• Python and/or Powershell scripting capability


• Understanding and experience with various Active Directory attack techniques


• Experience in securing Cloud platforms including AWS, GCP, and Azure, implementing and maintaining both native and 3rd party security services and tools across those environments


• Experience with network-based detective controls like IDS/IPS, NTA/NDA, and various SIEMS