Position: Cyber Security Analyst
Location: Hopkins, MN
Working Hours: -shift Monday- ; the role also takes part in a weekend on-call rotation.
Seeking an exceptional Senior Analyst for a Security Operations Center (SOC) that handles cyber security alerts and incidents originating from multiple sites across the world. As part of the Cyber Security Incident Response Team (CSIRT), the analyst will serve as the first line of defense, responsible for detecting and investigating cybersecurity threats to the Enterprise. This role provides an opportunity to work with advanced Network and Endpoint Detection and Response tools in support of a comprehensive cybersecurity program. As a senior member of the Security Operations Team, this key individual will mentor junior analysts and play a critical role in detection content development and alarm refinement.
60% Monitoring and Operations
Perform real-time, proactive security monitoring, detection and response to security events and incidents within the Cargill Enterprise Network.
Conduct thorough investigations of security events generated by detection mechanisms such as SIEM, IDS/IPS and AV.
Handle incident escalations from SOC L1.
Recognize potential intrusions and successful compromises through review and analysis of relevant event details.
Launch and track investigations through to resolution. Recognize attacks from their signatures.
Differentiate false positives from true intrusion attempts.
Alert the concerned stakeholders to intrusions, potential intrusions and compromises of their IT environment.
Update the knowledge base so that findings are communicated effectively internally and to customers.
Educate SOC L1 analysts so that they can handle similar incidents in future.
Utilize advanced network and host forensic tools to triage and scope incidents.
Categorize events and raise the necessary incidents after a thorough quality check of each event.
30% Collaboration and Mentoring
Work closely with L3 Support, the Threat Intelligence team, tool engineers and the Forensics team to provide the information required for resolution.
Participate in the Process and Alarm Refinement Committee with key stakeholders from the Cyber Security Incident Response Team and the Engineering team, covering the maintenance and fine-tuning of security platform functionality.
Collaborate with the Technology Governance, Risks, and Controls organization to integrate further datasets.
Maintain situational awareness of latest cybersecurity threats, vulnerabilities and mitigation strategies.
Minimum Required Qualifications
3 or more years of experience triaging information security alerts from tools such as SIEM, DLP, proxy and other CND (computer network defense) security tools.
2 or more years of experience in at least three of the following cybersecurity disciplines: malware reverse engineering, SIEM content development, digital forensics (host and/or network), penetration testing, network perimeter defense, vulnerability assessment.
Demonstrated knowledge of Windows and Linux operating systems, including experience working at the command line.
Past professional experience investigating and mitigating complex incidents involving a variety of enterprise-level cyber-attack methods.
Demonstrated analytical skills; ability to perform independent analysis and distill relevant findings and root cause.
Strong oral and writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports.
Demonstrated ability to manage multiple tasks, priorities and operational assignments in a high-pressure environment.
Bachelor's or Master's degree in Information Technology, Information Assurance, Computer Science, or equivalent experience.
Preferred Qualifications
Master's degree in Information Technology, Information Assurance or Computer Science.
Industry-recognized information security certifications, including SANS GIAC certifications, ideally GCIH, GCFA, GREM, CISSP, Security