CylanceGUARD Sr Analyst - 3rd Shift
Irvine, CA


Worker Sub-Type:

Regular

Job Description:

THE POSITION

The focus of the CylanceGUARD Analyst Level 2 is to perform proactive threat hunting in an effort to identify system compromises. You will participate in several different areas within Security Operations and Incident Response process; these activities will primarily include endpoint digital forensics, threat hunting use case development, security control testing, product detection rule creation, hunt plan development, and product enhancement feedback or development. The Analyst will use data analysis, threat intelligence, and cutting-edge security technologies to perform their threat hunting activities.

Working within the CylanceGUARD team, the Analyst is responsible for reviewing Cylance product alerts to detect advanced threats that evade traditional security solutions, as well as for creating new detection capabilities that allow proactive detection of system compromises. The Analyst will ensure that new environments are identified and understood to enable accurate and actionable reporting for other CylanceGUARD tiers. Analysts will also participate in developing processes, procedures, training, etc. for new technologies. The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences.

WHAT YOU WILL DO

* Track threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs)
* 3rd shift: 12 midnight to 9 am
* Keep up to date on the latest intelligence on threat actor TTPs/IOCs by reading blogs and performing research in a lab, while also coordinating with Threat Research Teams to develop countermeasures
* Conduct forensic analysis, primarily of endpoints, as well as of events from a variety of Cylance Endpoint products
* Perform Root Cause Analysis of security incidents to develop enhancements to existing alerting tools
* Compile detailed investigation and analysis reports for internal threat research consumption and delivery to customers
* Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
* Develop advanced queries and alerts to detect adversary actions

WHO WE ARE LOOKING FOR

* 3+ years of experience in Information Security (Required)
* 2+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, and malware triage (Required)
* Experience with packet analysis and usage of deep packet inspection toolsets.
* Deep understanding of the forensic artifacts within one of the following: Windows, Mac, and/or Linux (Required)
* Knowledge and experience working with the Cyber Kill Chain model, Diamond Model, or MITRE ATT&CK matrix (Required)
* Familiarity with Cylance Endpoint Protection Products (Desired)
* Prior experience working in the following areas (Desired):
  * Computer Incident Response Team (CIRT)
  * Computer Security Incident Response Center (CSIRC)
  * Security Operations Center (SOC)
* Experience with APT/crimeware ecosystems (Desired)
* Programming/scripting with Python, VB, PowerShell, and/or Go (Desired)
* Familiarity with ELK: building searches, dashboards, and Logstash filters (Desired)
* Red/Pentesting Team experience (Desired)

ABOVE AND BEYOND

* Bachelor's degree in Computer Science, Engineering, or a related field
* Certifications such as OSCP, GPEN, GCFA, GCFE, GREM, GCNA, GCIH, or GCIA

WHAT WE NEED FROM YOU TO APPLY

* Current resume
* Cover letter/summary expressing:
  * Why you are interested in working at BlackBerry Cylance
  * The skills, strengths, and expertise you will contribute to our diverse team of extraordinary talent and humble hearts

Job Family Group Name:

Sales

Scheduled Weekly Hours:

40