Principal Cybersecurity Incident Response Analyst
Discover. A more rewarding way to work.
At Discover Financial Services, you’ll find yourself in the company of some of the industry’s smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.
Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
The Discover Security Intelligence and Incident Response Team (SIIRT) provides world-class digital incident response services. As a member of the SIIRT Digital Forensics and Incident Response team (DFIR), the role will be responsible for performing CSIRT activities including: responding to computer security incidents, gathering forensic evidence, analyzing events based on digital artifacts, determining mitigation/remediation/security improvement opportunities, and working with stakeholders to communicate findings. The DFIR team works closely with other members of SIIRT including the Security Operations Center (SOC), Threat Intelligence, and other Cybersecurity and enterprise teams to maintain a secure operating environment for Discover.
Responsibility of the role is to design the Cybersecurity roadmap, contain potential breaches, conduct digital forensics, and deliver highly complex secure systems, cyber applications, technical projects, and regulatory and risk requirements. Drives Cybersecurity framework, roadmap, program optimization, process engineering, risk remediation, and mitigation of operational risk in a high-velocity culture by introducing technology, requirements, deliverables, gaps, and systems design. Analyzes competitive strategies, cyber technologies, metrics models, and performance indicators. Contributes to robust and innovative strategic solutions, builds resilient support for next-generation systems to solve business challenges, and enhances the control environment and executive decision-making.
- Execute timely, thorough, and effective incident handling through collaboration and innovation
- Utilize security monitoring technologies to analyze security events
- Provide mitigation services for identified threats and security incidents
- Maintain evidence integrity during digital forensic acquisitions and analysis
- Complete thorough documentation for incident investigations including root cause analysis, relevant forensic artifacts, and technical and procedural lessons learned
- Identify innovative opportunities for DFIR tools and processes which enable rapid analysis and response to security incidents at enterprise scale
- Deliver presentations and executive briefings regarding relevant security incidents and findings to senior management
- Create and maintain documentation for DFIR including technical procedures, detailed diagrams, pertinent metrics, and report templates
- Promote a risk-aware culture, and ensure efficient and effective risk and compliance management practices by adhering to required industry standards and processes
- Collaborate with and provide guidance to DFIR teammates, members of SIIRT, and other internal security teams
- Contribute thought leadership and technical solutions back into the investigative and DFIR community at a local and global level
- Acts as the principal advisor to upper management in Cybersecurity matters. Provides guidance to Cybersecurity architects in the design and development of security solutions, consistent with business goals and risk tolerance. Works closely with business analysts, engineers, and architects to ensure security requirements are effectively met through all phases of system lifecycles. Determines whether systems perform as expected, provides input to the determination of operational effectiveness, and takes action to remediate issues and resolve gaps. Directs security solutions and technical assurance in alignment with business risk and regulatory requirements.
- Works closely with management to define and promote the strategic direction of the team. Provides strong leadership and direction to team members. Provides subject matter expertise across all Cybersecurity technologies. Oversees Cybersecurity projects and initiatives to ensure complete and timely delivery of key objectives.
- Identifies, evaluates, and remediates potential vulnerabilities, and develops cyber solutions, internal processes, and standards for threat intelligence workflow. Contains potential breaches, conducts digital forensics, and submits an independent, classified incident review to senior leadership. Articulates defensive security measures, defines new security requirements, and develops mitigation techniques to maximize protection and preservation of the brand. Advises leadership on an entire range of risk matters facing the department and ensures the mitigation of operational risks. Resolves conflicts in laws, regulations, policies, standards, or procedures.
- Resolves and remediates security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners, and external vendors. Provides oversight for team direction, tactical responsibilities, and effective controls.
- Designs metrics models and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Develops unique cybersecurity performance and risk indicators to maintain constant awareness of the status of the highly dynamic operating environment. Develops assessment plans and measures risk performance for effective dashboard reporting. Conducts strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
At a minimum, here’s what we need from you:
- H.S. Diploma or GED
- 6+ years of experience in Information Security, Computer Science, Engineering, Data Analytics, or related field
If we had our say, we’d also look for:
- Bachelor’s Degree in Information Security , Computer Science, Business Administration, Data Analytics, or related field
- 8+ years of experience in Information Security, Computer Science, Engineering, Data Analytics, or related field
- In lieu of a degree, 4+ years of experience with related certifications: CISSP/GIAC
- 6+ years of technical experience in Incident Response and Digital Forensics
- Extensive experience performing log analysis, responding to security events, and implementing mitigation strategies and techniques
- Adept in acquiring and analyzing digital evidence and producing through reports, including analysis findings and lessons learned
- Proficient in using major DFIR tools and techniques, including disk, memory, and network forensics
- Strong multi-disciplinary background in information technologies such as: enterprise web applications, operating systems, computer programming, networking, or system administration
- PMP, CEH, GIAC, CISM, CISSP.
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.
So, what are you waiting for? Apply today!