Since 1935, Webster Bank has been helping individuals, families and businesses meet their financial goals. As a leading regional bank, Webster's strong foundation is built on our core values of responsibility, respect, teamwork, trust and commitment to our communities. Webster bankers remain our most valuable asset, and we pride ourselves on our diverse, equitable and inclusive work environment. Come join our team!
Job Title: Senior Cybersecurity Analyst
Date Completed: 11/2/20
To be completed by Human Resources:
I. POSITION SUMMARY
Describe the basic function or purpose of this job - Why does the job exist?
The Senior Cybersecurity Analyst is a hands-on, technical and strategic role within Webster's Security Operations Center (SOC). As an integral member of Webster's SOC team, the Senior Cybersecurity Analyst evaluates the end-to-end efficacy of the SOC's handling of security alerts and makes recommendations to improve the SOC's detection and response capabilities. These recommendations take the form of roadmaps or specific enhancements to technologies or workflow processes. The Senior Cybersecurity Analyst will function as a content developer for alerts, coordinate threat hunting initiatives, approve requests for rule tuning, and review/approve requests for ticket closure. Additionally, this role will be expected to suggest process improvements and identify control gaps applicable to the SOC. The Senior Analyst will work closely with Architecture and Engineering to ensure security controls are deployed in a manner that closes identified gaps.
This role is the senior (L2/L3) subject matter expert (SME) for SOC investigations, in collaboration with our Managed Detection and Response (MDR) provider. As such, the candidate should be fluent in threat hunting, Security Information and Event Management (SIEM) technologies, alert correlation, Security Orchestration, Automation and Response (SOAR), malware analysis, event triage, and Endpoint Detection and Response (EDR) systems. This position will report to Webster's Vice President of Information Security Operations and will require extensive collaboration with Security Architects, the Cybersecurity Incident Response Coordinator, and other IT platform owners.
II. MAJOR DUTIES & RESPONSIBILITIES
Describe the key responsibilities of this position in order of importance. Statements should be concise and action-oriented. This job profile is intended to be relatively generic and may be used across the organization. Responsibilities that are attributed only to one incumbent should not be listed unless they are so significant that they create a new position.
The Senior SOC Cybersecurity Analyst will be responsible for evaluating the effectiveness of, and improving, the following technology domains in place at Webster:
o Security Information and Event Management (SIEM) -- Splunk experience is highly preferred.
o Security Orchestration, Automation and Response (SOAR) tools -- Phantom experience is highly preferred.
o Data Protection Domain: includes DLP, URL Content filtering, CASB.
o Endpoint Threat Detection: includes EDR capabilities, traditional antivirus, asset management, and familiarity with baseline and configuration management tools.
o Next Generation Firewalls and/or IDS/IPS.
o Threat Hunting & Threat Intelligence.
o Threat Intelligence Platforms (TIP).
o Malware sandbox technologies & interpreting results.
o Incident Response tools, process, and capabilities.
o Splunk Enterprise Security experience desired.
* The Senior Cybersecurity Analyst will also be responsible for producing security roadmaps that take into consideration the threat landscape and business needs.
* Perform other duties as assigned.
III. EDUCATION, EXPERIENCE & SKILLS
Indicate the education level, previous experience, specific knowledge, skills and abilities required to meet the minimum entry-level requirements for this position. This may include special skills, licenses, certificates, etc.
* Bachelor's Degree required
* 5-7 years (preferred) of experience working within the cybersecurity field, with:
o Proven technical proficiency across multiple technologies & controls identified above.
o Proven proficiency with the identification, triage, and analysis of security events using a SIEM.
* Ability to work in a highly matrixed organization in order to identify stakeholders and Subject Matter Experts (SMEs).
* Experience assessing new security technology solutions.
* Prior experience managing vendor relationships.
* Strong attention to detail.
* Ability to develop security roadmaps and document workflow processes, in order to identify areas needing improvement.
* Splunk experience is highly preferred.
* Experience with malware analysis or at least the ability to interpret the results of a sandbox solution.
* Familiarity with threat intelligence and using external data sources for threat hunting.
* Experience with SIEM correlation searches, tuning, and rule creation.
* Proven technical expertise, evidenced by vendor or security certifications -- preferably (ISC)² CISSP and ISSAP, ISACA CISM, or SANS GIAC certifications.
* Strong desire to constantly improve personal skill sets, attend training, learn new concepts, and remain enthusiastic and curious.
* Ability to think outside the box, be creative, and act independently.
* Providing feedback and recommendations for process improvement is required for this role.