Listing Description
The S&P Global CIRT team is looking to hire an Incident Response Analyst/Threat hunter to be part of the Global CIRT Team.
As a CIRT Analyst you will be responsible for the detection and containment of Cyber Incident events effecting S&P Global.
As the Threat Hunter it will be your responsibility to build create methodology, and work on developing a mature threat hunting program which will focus on
finding anomalies and gaps in the security posture, recommend and implement solutions to eliminate them.
The ideal individual will have 2-3 years of incident response experience, enjoys staying on the cutting edge of the cyber world, can function independently and part of a global team.
Competencies:
Experience with forensic tools (encase, ftk, open source)
Understanding and familiarity with SEIM products, Qradar, Splunk, Elk
Understanding of cyber security exploits and vulnerabilities.
Understanding and familiarity with penetration testing tools.
Understanding of Red team/Blue team activities
Familiarity with Mitre Att&ck Framework
Responsibilities:
Develop and participate in threat hunting activities within Incident Response.
Triage responses to cybersecurity events and conduct forensic analysis when required
Work closely with S&P Global SOC team to remediate events.
Recommend Process improvements.
Drive efforts towards the containment of threats and the remediation of the environment during or after an incident
Understand the threat landscape through collaboration with the Threat Intelligence team and other stakeholders
Support incident response activities
Build an understanding of key S&P technology, systems, and business practices
Required Qualifications:
Passion for security
Working knowledge of common attack vectors and penetration techniques
Demonstrated experience handling security events in critical environments
Advanced knowledge of network protocols and operating systems
Experience analyzing system and application logs to investigate security and operational issues
Demonstrated experience utilizing a SIEM in investigating security issues
Strong knowledge of current enterprise detection and monitoring technologies and processes
Minimum 3 years of information security experience
Minimum 2 years focused on incident response, red team, or threat hunting activities
Ability to work in an "on call" status as necessary
Organization skills with the ability to multi-task and identify priorities, work with cross-functional global teams, and execute on schedule
Ability to communicate to a technical and non-technical audience.
Excellent report writing and presentation skills
Comfortable working in a fast-paced, exciting environment
Understanding of Cloud concepts AWS, Azure, Alibaba
Understanding of Cloud concepts AWS, Azure, Alibaba
Preferred Qualifications:
Experience in the financial services industry
Experience with digital forensics and data acquisition.
Coding/Scripting in any major language (.NET, Java, Python, Ruby, PowerShell
Windows and Linux administration tools and concepts
Prior SEIM Experience
Understanding of the MITRE ATT&CK Framework
To all recruitment agencies: S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdfdescribes discrimination protections under federal law.Develop and participate in threat hunting activities within Incident Response.
Triage responses to cybersecurity events and conduct forensic analysis when required
Work closely with S&P Global SOC team to remediate events.
Recommend Process improvements.
Drive efforts towards the containment of threats and the remediation of the environment during or after an incident
Understand the threat landscape through collaboration with the Threat Intelligence team and other stakeholders
Support incident response activities
Build an understanding of key S&P technology, systems, and business practices
Listing Details
- Citizenship: Us Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Optional Telecommute