Share this Job

Title:  Lead Cyber Threat Analyst

Job ID:  1864
Location: 

Downers Grove, IL, US

Category:  Information Technology
Description: 

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Position Summary

The Lead Cyber Threat Analyst will lead efforts to investigate cybersecurity incidents from end-to-end, engaging and coordinating peer teams, stakeholders, and external entities as necessary. This person will play a role of subject matter expert in the areas of incident response, threat hunting, and forensics. The Lead Cyber Threat Analyst will author incident response runbooks and mentor cyber threat analysts in incident response and digital forensics methodologies.

Responsibilities
  • Lead incident response activities to identify, assess, contain, mitigate all observed threats and document all investigational efforts
  • Develop and operationalize incident response runbooks with an emphasis on automation and ability to measure incident response effectiveness (Develop/track KPIs)
  • Document and track incident response investigations, including observed IOCs and TTPs, system(s) impacted, criticality and scope of any data exposure, lessons learned, follow-up items
  • Act as a liaison between a diverse group of teams including engineering, security, and network & system operations to ensure effective adoption of incident response requirements and operational considerations
  • Act as incident manager for all declared cyber security incidents
  • Conduct necessary forensic activities utilizing industry standard toolsets including Carbon Black, Tanium, Autopsy, Joe Sandbox, FTK Imager, Virus Total, and others
Responsibilities (Cont.)
  • Collect, organize, and analyze data using various cyber security tools such as LogRhythm, Radware DefensePro, Palo Alto Networks, Symantec Endpoint Protection, Anomali ThreatStream, Tanium, Empow Networks, Carbon Black, Obsidian, and others
  • Identify, analyze, and interpret trends or patterns in complex data sets
  • Work with the functional business areas as needed during incident response investigations
  • Develop, customize, and maintain reporting around key metrics related to investigational and threat hunting activities
  • Serve as a trusted advisor to the Director, Security Technologies and the SVP-CISO on sensitive matters warranting confidentiality
  • Demonstrate subject matter expertise across most technology domains
  • Perform other duties as assigned
Required Skills
  • Bachelor degree with 15+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
  • Strong analytical competency
  • Well-versed in multiple cyber security domains and technologies such as firewalls, anti-malware, intrusion detection and/or prevention systems, and other network and systems security platforms
  • Deep insights into threat intelligence tools and techniques
  • Advanced knowledge of cyber-attack techniques, and mitigation strategies
  • Ability to effectively communicate complex topics to engineers and leadership
  • Ability to properly handle confidential data and strictly follow business processes and procedures
Required Skills (Cont.)
  • Ability to operate in fast paced and high stress situations
  • Ability to conduct in-depth forensics analysis on a variety of operating systems and IT platforms
  • Security certifications such as CISSP, GSEC, GCFA, GCFE are a plus
  • 10+ years of cybersecurity investigation experience
  • 10+ years of intensive incident response experience
  • Expert level knowledge in incident response, computer forensics, network traffic analysis, log file analysis, malware analysis
  • Expert level knowledge of operating systems, including Microsoft Windows, Mac OSX, Linux, Unix, and mobile devices
Required Skills (Cont.)
  • Proficiency in one or more programming or scripting languages
  • Knowledge of the MITRE ATT&CK framework to better assist with threat hunting activities
  • Experience using SIEM, SOAR, and/or EDR platforms to identify and mitigate cybersecurity incidents
  • Previous experience in incident response consulting, or government, military, or law enforcement security incident response is highly desirable
  • Experience with the Service Now Security Incident Response Pro module is a plus
  • Experience in securing and investigating incidents in modern cloud environments such as Microsoft Azure and Amazon AWS
  • Proficiency in data analytics tools such as Azure Databricks or similar is a plus
  • Strong familiarity with various privacy-related regulations both domestic and international

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability.  You can request a reasonable accommodation by sending an email to AccommodationRequest@dfinsolutions.com#TalentknowsTalent

 


Nearest Major Market: Chicago

Job Segment: Consulting, Linux, Unix, Technology