Security Operations Analyst, Senior Associate

APPLY NOW »

Date: Jun 16, 2022

Location: Lebanon, NJ, US

Company: New York Life Insurance Co

 

 

When you join New York Life, you’re joining a company that values career development, collaboration, innovation, and inclusiveness. We want employees to feel proud about being part of a company that is committed to doing the right thing. You’ll have the opportunity to grow your career while developing personally and professionally through various resources and programs. New York Life is a relationship-based company and appreciates how both virtual and in-person interactions support our culture.

 

 

New York Life is seeking a Security Analyst role for within the CTSO Organization. The Security Analyst will be responsible for executing both New York Life’s cyber incident response procedures and assist with SIEM operations in a 24/7/365 model.  This role will work with both internal, cross-organizational, and offshore security teams in monitoring, actioning and improving upon incident response processes for the CTSO Organization. 

 

This is a REMOTE role, with the occasional request to be onsite.

 

 Responsibilities: 

 

  • Monitor NYL sources of potential security incidents, health alerts with monitored solutions and requests for information. This includes the monitoring of real-time channels or dashboards, periodic reports, email inboxes, ServiceNow ticketing system, telephone calls, chat sessions

 

  • Follow documented incident-specific procedures to perform triage of potential security incidents to validate and determine needed mitigation

 

  • Escalate potential security incidents to Line 2 Personnel, implement countermeasures in response to others, and recommend operational improvements

 

  • Maintain awareness of the NYL’s technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by NYL threat intelligence, and recent security incidents

 

  • Provide advanced analysis of the results of the monitoring solutions, asses escalated outputs and alerts from Level 1 Analysts

 

  • Perform peer reviews and consultations with Level 1 Analysts regarding potential security incidents

 

  • Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity

 

  • Devise and document new procedures and runbooks/playbooks as directed

 

  • Maintain compliance with processes, runbooks, templates and procedures-based experience and best practices

 

  • Provide malware analysis (executables, scripts, documents) to determine indicators of compromise, and create signatures for future detection of similar samples

 

  • Demonstrate knowledge of IBM QRadar SIEM administration and implementation.

 

  • Continuously improve the vigilance service by identifying and correcting issues or gaps in knowledge (analysis procedures, playbooks, NYL network models), false positive tuning, identifying, and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.

 

  • Drive complex deployments of SIEM solutions while working side by side with the customers to solve their unique problems across a variety of use cases

 

  • Scripting, regex, parser code writing to integrate various log sources along with SIEM tool for monitoring and analysis

 

  • SIEM Rule development in response to newly realized scenarios, attacks, IOCs/threat focused approach

 

  • Providing perspective on the latest SOC trends via current state maturity assessment, do now/do next/do later roadmap

 

  • Assist in identifying and deploying security analytics and alerting solutions based on their organizational requirements technical integration with key data inputs (e.g., raw security telemetry coupled with referential data)

 

  • Developing actionable use cases to detect, triage, investigate and remediate based on latest threat actor trends, including actual technical implementation of parsing log sources creating, validating, and testing alerting queries to reduce false positives.

 

  • Interpret technical, operational, business, security, compliance, and audit requirements and translate them into SIEM content for detection and analysis from SOC

 

  • Drive development and implementation of SOC strategies targeted on key risk and business needs, and enhanced by leading practices across people, processes and technology including current state assessments

 

  • Support the design and implementation of SOC operating models, identifying, evaluating, and providing solutions to evaluate complex business via a threat-based approach.

 

  • Leverage previous experiences, share best practices, and create innovative solutions to push user adoption and maximize the value of SIEM

 

  • Design and technically implement threat-based use cases in Security Information Event Management (SIEM) and threat analytic systems

 

  • Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects

 

  • Adopt a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature. Helping maintain our NYL’s strong professional relationships is integral to our business. 

 

  • Identify and recommend operational improvements to the NYL, drawing on SOC operational experience and industry specific knowledge of risks

 

  • Seek opportunities and offer guidance on how to improve SOC service delivery methodology including owning and driving internal improvement initiatives

 

  • Perform the cyber threat research and knowledge acquisition activities (such as malware, zero-day exploits, botnets, phishing sites etc.)

 

  • Serve as a subject matter expert in at least one security-related area (e.g., specific malware solution, python programming, etc.)

 

  • Actively seek self-improvement through continuous learning and pursuing advancement

 

 

Job Qualifications

 

  • Bachelor of Science with a concentration in computer science, information systems, information security, math, decision sciences, risk management, engineering (mechanical, electrical, industrial) or other business/technology disciplines or equivalent work experience

 

  • 3 to 5 years working in security information and/or technology engineering support.

 

  • SIEM certifications such as IBM QRadar, Splunk, etc. or experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g., SIEM, IT Service Management (ITSM) tools, workflows, and automations (SOAR))

 

  • Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, Network and Host based firewalls, Threat Intelligence, and Penetration Testing

 

  • Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent (i.e., OSCP)

 

  • Ability to demonstrate an investigative mindset.  Not just being able to execute a task but being able to understand the reason for that task and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process

 

  • Proficient understanding of IT infrastructure and security architecture, networks management, network security, log management, ethical hacking and security assessment tools and relevant security technologies, such as malware management, network forensics, flow analysis, IDS/IPS, etc.

 

  • Background and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.

 

  • Knowledge of Advanced Persistent Threats (APT) tactics, technics, and procedures

 

  • Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc. 

  

  • Basic understanding of Industry standards in operations such as ITIL processes (e.g., Change Management, Configuration Management, Problem Management, Incident Management), SixSigma standards, etc.

 

  • Experience with scripting (BASH, PowerShell, etc.) and programming languages (Python, HTML, AQL, etc.).

 

  • Demonstrable personal interest in computing, security, and digital communications.

 

  • Excellent communication, listening & facilitation skills.

 

  • Experience creating and delivering effective presentations as a means for communicating project and deliverable progress to NYL stakeholders.

 

  • The ability to build and nurture positive working peer relationships within NYLs with the intention to exceed NYL expectations.

 

Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of www.NewYorkLife.com.

Job Requisition ID: 86304

 

 

 


Job Segment: Operations Manager, Information Systems, Network Security, Operations, Security, Technology