Sr Security Operations Center Analyst at NortonLifeLock Inc. in Tempe, Arizona

Job Description:

About NortonLifeLock:

NortonLifeLock Inc. (NASDAQ: NLOK) is a global leader in consumer Cyber Safety. NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of its nearly 50 million consumers, providing them with a trusted ally in a complex digital world. For more information, please visit NortonLifeLock.com or connect with us on Facebook, Twitter, LinkedIn, Instagram and YouTube.

About the Role:

The Senior Security Operations Center Analyst is an integral part of the Global Cyber Security team and will be responsible for monitoring, detecting, and responding to security events, incidents, and threats. This role ensures that security risks are analyzed and triaged using a wide range of information security technologies deployed within the organization. In addition, this role will help improve the overall risk posture of the organization by implementing controls to prevent or mitigate security risks and exposures. Additional responsibilities may be asked as deemed necessary.

Responsibilities:

• Review, validate, and categorize security events using a variety of information security technologies.




• Investigate user reported potential security risks including phishing emails delivered.




• Analyze a variety of network and host-based logs to lead security investigations and incident response activities.




• Validate and confirm critical security events and determine impact.




• Thoroughly document security investigations throughout incident lifecycle.




• Maintain, update, or create team documentation around incident response activities (e.g. standard operating procedures, playbooks/runbooks, etc.).




• Serve as Incident Commander for cyber security incidents, as needed.




• Develop and build security content, scripts, tools or other methods to enhance the security incident management process.




• Proactive hunt on the network to identify security risks, threats, and exposures.




• Leverage indicators of compromise to determine impact to our environment.




• Make recommendations and/or implement security controls and countermeasures to prevent or mitigate various security risks.




• Serve as a Security Champion by enforcing our Information Security policies and standards. Partner with various stakeholders to seek alternative methods to achieve business outcome, when necessary.

Qualifications:

• Bachelor's degree in Computer Science, Information Assurance, or a related degree or equivalent work experience.




• A minimum of ten (10) years of experience in an Information Security related role.




• A minimum of five (5) year of experience in a Cyber Defense Operations Center or Security Operations Center.




• Knowledge of information security industry and regulatory obligations (PCI DSS, SOX404, SOC1/2, ISO 27000-series, NIST Framework, etc.).




• Self-motivated to creatively find and investigate security events.




• Ability to multi-task and work in fast-paced environment.




• In-depth network analysis (pcap), core forensic familiarity, and incident response skills.




• Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner.




• Ability to collaborate and communicate effectively and respectfully with both business-oriented executives and technology-oriented personnel in teams across the organization.




• Ability to protect all forms of highly confidential and proprietary business information and ability to maintain the highest standards of privacy and security.




• Ability to follow and abide by all information and security policies and practices.




• Industry Certifications preferred: GCIA, GCIH, GCFA, OSCP, etc.




• Scripting experience preferred in one or more of the following languages: R, Python, Ruby, Perl, BASH, PowerShell.

Additional Skills:

An In-depth understanding of:

• Security tools (IPS, HIPS, Web Proxy, Open Source Intelligence, Packet Captures, Memory Analysis, Syslog, DHCP, AD, 802.1x, NAT, VPN logs, Passive DNS, and SIEM).




• Technical proficiency with MITRE ATT&CK Framework and how it's used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.




• Enterprise security controls to detect and protect against varied sophistication around cyber security threats.




• Well-known networking protocols (HTTP, SSH, FTP, DNS, etc).




• Windows, Mac, and Linux-based operating systems from both a user-endpoint and server perspective.




• Common and emerging attack vectors, penetration methods, countermeasures, and remediation methods and implications.

NortonLifeLock is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible environment for all employees. All employment decisions are based on merit, experience, and business needs, without regard to race, color, national origin, age, religion, sex, pregnancy (including childbirth or related medical conditions), genetic information, disability (physical or mental), medical condition, marital status, sexual orientation, gender identity or gender expression, military or veteran status, or any other consideration made unlawful by federal, state, or local law. NortonLifeLock strictly prohibits unlawful discrimination based on such protected characteristics and seeks to recruit the most talented candidates from diverse cultures and backgrounds.

We also consider for employment qualified individuals with arrest and conviction records. In addition, NortonLifeLock will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Learn more about pay transparency.

EEO is the law. Applicants and employees of NortonLifeLock Inc. are protected under Federal law from discrimination. See the EEO poster and supplement.