What you will be doing: In this role, you will use your knowledge of industry best practices, good judgment, and problem-solving skills to execute security operations and incident response. You will be on the front lines of cyber defense for one of the largest retail organizations in the US. You should be adept at making good decisions under pressure and be able to quickly adapt to any security challenge. You will have a keen attention to detail and be disciplined in documenting processes and procedures. You will also be in a support role for requests coming into the team making sure departmental SLAs are met. The Security Operations / Incident Response team's goal is operational excellence, continual process improvement, and customer service.
Main responsibilities:- Perform log analysis and correlate disparate datasets to identify abnormal behavior.
- Respond to security events, driving issues to closure, and engaging all appropriate resources.
- Document Security process and procedures.
- Support service requests intake process and communicate back to requestors promptly.
- Provide enforcement of security policies, standards, and procedures.
- Knowing the latest on security technologies, trends, standards, and best practices.
- Participate in Incident Response activities.
- Detecting, and analyzing cybersecurity threats.
- Working with our MSSP, responding to internal and external cyber security events.
- Ensure quality service delivery to internal customers across current and future capabilities including SIEM, Triage/Investigate/Response, Phishing Email Analysis and Response, and Threat Detection Development.
- Ensure service incidents are closed within SLA.
- Ensure service metrics (SLAs/KRIs/KPIs) are met.
- Interface with our Cyber Threat Intelligence (CTI) team on detection development and new/upcoming threats.
- Will be working on Data Loss Protection.
- Other duties and responsibilities as assigned.
- This position will be a part of Albertsons Companies 24/7 Security Operations Center and may involve shift work including day, evening, and weekend roles.
What we are searching for:- Expert-level knowledge and understanding of information technology systems and processes.
- Experience with IT Service Management. Especially around the delivery of security services.
- Demonstrated and proven analytical, problem-solving, and troubleshooting skills.
- The ability to learn, understand, and apply new concepts quickly.
- Experience writing detection rules, firewall rules, or any other similar detection capability.
- Comfortable with working with other internal or external organizations regarding security policy and standards violations, security control failure, and incident response situations.
- Ability to balance and prioritize work.
- Knowledge of information security principles and practices.
- A sound understanding of the OSI networking model.
- Advanced knowledge of networking protocols including DNS, TCP/IP, and UDP.
- Experience with Windows Server/Workstation and Mac OS is required.
- Advanced level knowledge and experience with EDR, antivirus, anti-malware, and proxy solutions.
- Must be trustworthy in keeping sensitive data confidential.
- Thorough understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them.
- Experienced and in-depth knowledge of Data Loss Protection.
We believe the successful candidate has these qualifications and experience:- Experience working within Enterprise SOC operations.
- Experience with security operations technologies including SIEM, EDR, Cyber Threat Intelligence, Adversary Hunting, and Security Orchestration (SOAR) or other applicable experience.
- Comfortable participating in Incident Response Investigations, and Incident Response Plan execution.
- Performing appropriate forensic procedures to capture and preserve evidence for future use and analysis in a manner that allows for appropriate chain of custody.
