Senior Information Security Analyst (Remote)

This is a remote role that may be hired in several markets across the United States.

This position supports the Bank's Information Security and Cyber Threat management programs at the highest level of complexity and expertise. Leads the analysis and mitigation of threats identified within the Bank's networks and systems. Ensures that team reporting is timely, accurate, and escalated as necessary to provide actionable intelligence for cyber defense efforts. Develops process improvements and technical solutions that address the identified gaps or deficiencies. Drives the defense of the organization's information security and technological architecture through expert consultation and threat mitigation. Serves as a resource to team members and management on security threats, industry trends, and other relevant intelligence. Leads projects within the work group and resolves escalated, high-risk issues.

Daily Cadence

• Build and track the evolution of the Tactics, Techniques and Procedures which will drive mitigations/countermeasures and general threat posture.
• Support the technical analysis of SIEM alerts as requested by the triage team.
• Support the content creation pipeline for new threats identified as a result of an incident, threat intelligence or vulnerability.
• Identify any technology gaps and contribute to designing solutions to address them.
• Support the automation effort to streamline and accelerate triage response.
• Coordinate and lead incident triage efforts involving internal team members and external stakeholders.
• Communicate status of threat response efforts to multiple stakeholders.

Core Duties

• Threat Hunting Lead -Design the threat hunting pipeline and operationalize various trigger points (eg. Operational, Intelligence, Vulnerability) as drivers into countermeasure and mitigation creation.
• Threat Hunting- Support the operational driven inputs (eg. on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to address commodity and targeted threats. Also build a capability to track evolving threat actor techniques.
• Content Development - Support the creation of countermeasures and mitigations in response to an incident.
• Incident Analyst/handler –investigate SIEM/SOAR events as necessary; bring experience in malware analysis, network/endpoint security to respond to and contain incidents.

Ancillary Duties

• Industry/Peer group outreach :Collaborate with industry peers and team to proactively combat cyber threats. Activities will include data analysis, sharing actionable intelligence and support queries or collaborative efforts.
• Automation - Identify areas for automation and facilitate the creation of automation use cases and implement them.

Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security

Preferred Qualifications

• Familiarity with MITRE ATT&CK and its application to countermeasure creation is a plus.
• The role requires someone who can translate threat actor techniques to building mitigations across a variety of security technologies. This could take the form of Yara, Sigma or Regular Expressions.
• This role would also require familiarity with static and dynamic malware analysis techniques including memory/disk forensics.

Preferred Certifications

• SANS Cloud certifications, GIAC Cloud Security Threat Detection (GCTD) or GCIA or GCFA or Cyber Threat Intelligence (GCTI)

The base pay for this position is generally between $117,000 and $190,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.