Analyst Cyber Risk Defense, Threat Detection Operations

Job Description

TDO team members use investigative and forensic skills to determine the cause and context of security events. Analysis is performed using various security alerting platforms, our central Security Information and Event Management (SIEM) system, our Security Orchestration, Automation and Response (SOAR) platform, and other security tools. TDO members analyze alerts from various parts of the KP enterprise, including Endpoint Detection and Response (EDR) alerts, Identity and Access Management (IDAM) alerts, Network Security Monitoring (NSM) alerts, and others. TDO members collaborate closely with engineering, development, and security teams across KP depending on the type of event activity and the nature of the detected threat. When necessary, TDO members escalate events to incidents, working closely with the Kaiser Permanente Cyber Emergency Response Team (KCERT) on containment and remediation. TDO members also participate in crisis management, assisting KCERT, Cyber Threat Situation Management (CTSM), and others in the coordination and resolution of cyber-related crises.

Essential Responsibilities

• Apply thorough and methodical assessment skills to analyze and properly triage reported events and incidents

• Possess excellent and thorough communication and documentation skills

• Work collaboratively in a team of professionals, sharing workload and investigation assignments in a fast-paced environment

• Be able and willing to provide after-hours (night and weekend) support for security-related incidents when necessary

• Maintain skills through annual and ongoing training and certification

• Perform analysis to determine the scope, risk, and impact of security events, leveraging the MITRE ATT&CK framework and other best practices

• Identify supporting information for events, including attack vectors, affected resources, affected profiles, and other supporting evidence

• Properly and thoroughly document event findings, evidence, and analysis steps, and create after-action reports and recommendations where needed

• Identify and apply mitigation controls (where possible) to remediate alerts

• Engage appropriate levels of management to provide updates on any ongoing security issues

• Provide updates to team guidance and other central documentation

Minimum Qualifications

• Bachelor's degree in Information Technology, Computer Science, or a related field, and a minimum of 3 years' experience in cybersecurity

• Five years of additional equivalent work experience may be substituted for the degree requirement, in addition to the minimum years of experience (7 years total)

• Possess and leverage knowledge of cybersecurity practices, including functional areas and cybersecurity operations

Additional Requirements

• 3+ years of hands-on experience with cybersecurity platforms, including Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), antivirus (AV), Identity and Access Management (IDAM), Security Information and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR) platforms

• Related work or educational experience in Information Technology (IT), particularly in cybersecurity/information security

Licenses and Certifications

Cybersecurity certifications including CompTIA Network+, Security+, Cloud+, Ethical Hacker, EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, CISSP, and/or similar cybersecurity certifications

Preferred Qualifications

• Certifications in Information Technology and/or Cybersecurity

• Knowledge of security technologies at multiple layers: Identity and Access Management, Intrusion Detection, Endpoint Protection, Data Loss Prevention, Security Information and Event Management, etc.

• Three (3) years' experience in cybersecurity vulnerability management, threat response, or investigation

• Three (3) years' experience working on project or technical teams

Benefits

• Transportation

• Life insurance

• Medical insurance

• Solidarity association

• Growth plans

• Additional days off