Information Security Analyst II

This is a remote role that may be hired in several markets across the United States.

Three 12 hour shifts over the weekend and one 4 hour shift during the week. The weekday shift to be discussed with candidate to find a suitable time for their schedule and our needs.

Seeking an experienced security event telemetry triage Analyst. This is a technical role supporting the Threat Monitoring function with content creation and threat analysis. Candidates who have worked in a Security Operations Center in the past with experience in understanding network, host, and application security telemetry are preferred.

Daily Cadence

• Support the technical analysis of SIEM alerts as requested by the triage team.
• Support the content creation pipeline for new threats identified as a result of an incident, threat intelligence, or vulnerability.
• Identify any technology gaps and contribute to designing solutions to address them.
• Support the automation effort to streamline and accelerate triage response.

• Event Triage and Analysis -investigate SIEM/SOAR events as necessary; bring experience in malware analysis, network/endpoint security to respond and contain incidents.
• Content Development - Support the creation countermeasures and mitigations in response to an incident or threat actor technique.
• Threat Hunting - Support the operational driven inputs (eg. on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to detect commodity and targeted threats.
• Automation - Identify areas for automation and facilitate the creation of automation use cases and support their implementation.

Bachelor's Degree and 4 years of experience in Information security OR High School Diploma or GED and 8 years of experience in Information security

Preferred Qualifications:

• Familiarity with event triage and analysis methods, building containment and mitigation strategies, and executing them at speed is a must.
• Understanding malware attack paths, its associated artefacts on disk and memory and its use of legitimate applications to hide behaviors will be useful.
• Familiarity with malware behaviors or hands on malware analysis would be a plus.
• Familiarity with exploit writing and as a consequence understanding application behaviors would be useful.

Preferred Skills: * Splunk * Splunk Enterprise Security * Security Information Event Management (SIEM) * Incident Response * Malware Analysis * Forensics * Threat Monitoring * Cyber Security Operations * Cyber Threat Response * Cyber Threat Hunting * Cyber Investigation * Alarm triage * Security Orchestration Automation & Response (SOAR) * Phishing analysis * Phishing mitigation * MITRE ATT&CK Matrix Kill Chain

The base pay for this position is generally between $110,000 and $140,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 30 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants.

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.