Lead Cyber Threat Analyst at DFIN

| Chicago
Sorry, this job was removed at 7:15 a.m. (CST) on Thursday, May 6, 2021
Find out who's hiring in Chicago.
See all Operations jobs in Chicago

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Position Summary

The Lead Cyber Threat Analyst will lead efforts to investigate cybersecurity incidents from end-to-end, engaging and coordinating peer teams, stakeholders, and external entities as necessary. This person will play a role of subject matter expert in the areas of incident response, threat hunting, and forensics. The Lead Cyber Threat Analyst will author incident response runbooks and mentor cyber threat analysts in incident response and digital forensics methodologies.

Responsibilities
  • Lead incident response activities to identify, assess, contain, mitigate all observed threats and document all investigational efforts
  • Develop and operationalize incident response runbooks with an emphasis on automation and ability to measure incident response effectiveness (Develop/track KPIs)
  • Document and track incident response investigations, including observed IOCs and TTPs, system(s) impacted, criticality and scope of any data exposure, lessons learned, follow-up items
  • Act as a liaison between a diverse group of teams including engineering, security, and network & system operations to ensure effective adoption of incident response requirements and operational considerations
  • Act as incident manager for all declared cyber security incidents
  • Conduct necessary forensic activities utilizing industry standard toolsets including Carbon Black, Tanium, Autopsy, Joe Sandbox, FTK Imager, Virus Total, and others
Responsibilities (Cont.)
  • Collect, organize, and analyze data using various cyber security tools such as LogRhythm, Radware DefensePro, Palo Alto Networks, Symantec Endpoint Protection, Anomali ThreatStream, Tanium, Empow Networks, Carbon Black, Obsidian, and others
  • Identify, analyze, and interpret trends or patterns in complex data sets
  • Work with the functional business areas as needed during incident response investigations
  • Develop, customize, and maintain reporting around key metrics related to investigational and threat hunting activities
  • Serve as a trusted advisor to the Director, Security Technologies and the SVP-CISO on sensitive matters warranting confidentiality
  • Demonstrate subject matter expertise across most technology domains
  • Perform other duties as assigned
Required Skills
  • Bachelor degree with 15+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
  • Strong analytical competency
  • Well-versed in multiple cyber security domains and technologies such as firewalls, anti-malware, intrusion detection and/or prevention systems, and other network and systems security platforms
  • Deep insights into threat intelligence tools and techniques
  • Advanced knowledge of cyber-attack techniques, and mitigation strategies
  • Ability to effectively communicate complex topics to engineers and leadership
  • Ability to properly handle confidential data and strictly follow business processes and procedures
  • Ability to operate in fast paced and high stress situations
  • Ability to conduct in-depth forensics analysis on a variety of operating systems and IT platforms
Required Skills (Cont.)
  • Experience using SIEM, SOAR, and/or EDR platforms to identify and mitigate cybersecurity incidents
  • Previous experience in incident response consulting, or government, military, or law enforcement security incident response is highly desirable
  • Experience with the Service Now Security Incident Response Pro module is a plus
  • Experience in securing and investigating incidents in modern cloud environments such as Microsoft Azure and Amazon AWS
  • Proficiency in data analytics tools such as Azure Databricks or similar is a plus
  • Strong familiarity with various privacy-related regulations both domestic and international
Required Skills (Cont.)
  • Security certifications such as CISSP, GSEC, GCFA, GCFE are a plus
  • 10+ years of cybersecurity investigation experience
  • 10+ years of intensive incident response experience
  • Expert level knowledge in incident response, computer forensics, network traffic analysis, log file analysis, malware analysis
  • Expert level knowledge of operating systems, including Microsoft Windows, Mac OSX, Linux, Unix, and mobile devices
  • Proficiency in one or more programming or scripting languages
  • Knowledge of the MITRE ATT&CK framework to better assist with threat hunting activities

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to [email protected]#TalentknowsTalent


Read Full Job Description

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • ReactLibraries
    • AngularJSFrameworks
    • ASP.NETFrameworks
    • Microsoft SQL ServerDatabases
    • SAP HANADatabases
    • TeradataDatabases

Location

Located in the heart of downtown Chicago’s financial district, we are steps from all Metra stations, good eats and entertainment.

An Insider's view of DFIN

What projects are you most excited about?

In transforming and improving FinTech products, excitement comes from the challenge of knowing that the problems are complex, yet the solutions must be easy to use. When we start a new project, I can't wait to sink my teeth into understanding the problem space, talking to users, designing the solution, and seeing it through to release.

Dan

Principal Product Designer

What makes someone successful on your team?

Active and honest listening – Contrary to the stereotypical, extroverted sales rep, some of my most effective and insightful client interactions are when I do the least amount of talking, and the most active listening. Client insight is exponentially easier to excavate when you stop “pitching” – and start listening.

Carey

Senior Sales Representative

What is your vision for the company?

Our business plan reflects the change in products DFIN is selling today versus what we sell in five years. DFIN today is a company that offers a lot of professional services that we added software to, but the goal is to become a SaaS company that has services to support it.

Stephen

SVP, Global Head of Engineering

What does your typical day look like?

The role of a software engineer is really about creating computational systems and ensuring they behave as designed. My day-to-day is focused mostly on writing code that provides new functionality within our products that we see a need for in the market—and providing quality control to be certain it works properly.

Herve

Senior Software Engineer

What are DFIN Perks + Benefits

DFIN Benefits Overview

The world continues to change in ways we never expected, but there is one constant: your safety and well-being is a top priority, and DFIN has you covered with our benefits.

Culture
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Diversity
Documented equal pay policy
Highly diverse management team
Unconscious bias training
Diversity manifesto
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K)
401(K) Matching
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
We value a work / life balance at DFIN.
Remote Work Program
We have partial and fully remote opportunities at DFIN.
Family Medical Leave
Family Medical Leave granted under the Family and Medical Leave Act (FMLA).
Return-to-work program post parental leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Happy Hours
Parking
Employee parking available
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Mentorship program
Time allotted for learning
Online course subscriptions available
Customized development tracks
More Jobs at DFIN30 open jobs
All Jobs
Finance
Data + Analytics
Dev + Engineer
Marketing
Operations
Product
Project Mgmt
Sales
Data + Analytics
new
Chicago
Data + Analytics
new
Chicago
Data + Analytics
new
Chicago
Developer
new
Chicago
Developer
new
Chicago
Developer
new
Chicago
Marketing
new
Chicago
Sales
new
Chicago
Product
new
Chicago
Developer
new
Chicago
Finance
new
Chicago
Developer
new
Chicago
Operations
new
Chicago
Project Mgmt
new
Chicago
Sales
new
Chicago