Senior Cyber Defense Analyst

This is a fully remote position, open to applicants in United States.

📋 Description

• Carry out daily security operations by monitoring, triaging, and executing response measures for security events and alerts related to cyber threats, intrusions, and compromises.

• Evaluate events using security tools and logging systems, such as SIEM and EDR, to assess the potential risk and severity level of cyber threats.

• Escalate higher-risk incidents to dedicated incident response and management teams within the CFC, following established procedures.

• Collaborate with external teams for incident resolution and escalations, facilitating incident management.

• Inform team Lead(s) of operational concerns, such as unusual changes in metrics, significant open incidents, quality issues, or identified risks; assist in resolving these concerns when appropriate.

• Oversee and manage assigned caseload through the entire incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned; uphold quality standards to resolve events.

• Keep comprehensive case documentation, including notes, analysis findings, containment measures, and causes for each assigned security incident.

• Provide incident updates or reach out to end-users promptly and document these interactions, completing case hand-off processes, including the verification of shift logs.

• Leverage subject matter expertise in security operations processes to enhance relevant playbooks, Standard Operating Procedures (SOPs), and training materials.

• Support team Leads and management in developing use cases by recommending improvements or tuning of use cases to enhance the security posture of Experian.

• Engage in paid overtime as operational demands may necessitate additional support.

⛳️ Requirements

• A minimum of 3 years of information security experience within a Security Operations Center or Cyber Security Incident Response Team.

• Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related discipline.

• At least 6 years of experience in a Security Operations Center, Incident Response Team, law enforcement, or military experience may be considered in lieu of this requirement.

• Demonstrated understanding of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.

• Proven knowledge of common intrusion techniques and cyber-attack tactics, techniques, and procedures (TTPs).

• Proven ability to determine suitable methods for containing, eradicating, and recovering from various security incidents.

• Familiarity with common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow, etc.), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls, etc.).

• Competence in reviewing and interpreting device and application logs from diverse sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root causes and determine subsequent steps for containment, eradication, and recovery.

• Experience with common Incident Response and Security Monitoring applications such as SIEM (e.g., Qradar, Splunk), EDR (e.g., FireEye HX, CrowdStrike Falcon, Microsoft Defender, etc.); familiarity with Security Orchestration, Automation, and Response (SOAR) technologies like Palo Alto XSOAR and Google Secops (Chronicle) is a plus.

• One or more professional certifications currently held related to Digital Forensics, Incident Response, or Ethical Hacking are highly preferred (e.g., GCIH, GMON, GCED, GSOC, CEH, GCFE, GCFA, CFCE, ENCE).

🏝️ Benefits

• Attractive compensation package along with a bonus plan.

• Core benefits such as medical, dental, vision, and matching 401K.

• Flexible work environment with options to work remotely, in a hybrid setting, or in-office.

• Flexible time off policy that includes volunteer time off, vacation, sick leave, and 12 paid holidays.