Lead Cyber Threat Analyst

Chicago

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Position Summary

The Lead Cyber Threat Analyst will lead efforts to investigate cybersecurity incidents from end-to-end, engaging and coordinating peer teams, stakeholders, and external entities as necessary. This person will play a role of subject matter expert in the areas of incident response, threat hunting, and forensics. The Lead Cyber Threat Analyst will author incident response runbooks and mentor cyber threat analysts in incident response and digital forensics methodologies.

Responsibilities

  • Lead incident response activities to identify, assess, contain, and mitigate all observed threats, and document all investigational efforts
  • Develop and operationalize incident response runbooks with an emphasis on automation and the ability to measure incident response effectiveness (develop and track KPIs)
  • Document and track incident response investigations, including observed IOCs and TTPs, system(s) impacted, criticality and scope of any data exposure, lessons learned, and follow-up items
  • Act as a liaison between a diverse group of teams including engineering, security, and network and system operations to ensure effective adoption of incident response requirements and operational considerations
  • Act as incident manager for all declared cyber security incidents
  • Conduct necessary forensic activities utilizing industry-standard toolsets including Carbon Black, Tanium, Autopsy, Joe Sandbox, FTK Imager, VirusTotal, and others
  • Collect, organize, and analyze data using various cyber security tools such as LogRhythm, Radware DefensePro, Palo Alto Networks, Symantec Endpoint Protection, Anomali ThreatStream, Tanium, Empow Networks, Carbon Black, Obsidian, and others
  • Identify, analyze, and interpret trends or patterns in complex data sets
  • Work with the functional business areas as needed during incident response investigations
  • Develop, customize, and maintain reporting around key metrics related to investigational and threat hunting activities
  • Serve as a trusted advisor to the Director, Security Technologies and the SVP-CISO on sensitive matters warranting confidentiality
  • Demonstrate subject matter expertise across most technology domains
  • Perform other duties as assigned
Required Skills
  • Bachelor's degree with 15+ years of relevant work experience, OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
  • Strong analytical competency
  • Well-versed in multiple cyber security domains and technologies such as firewalls, anti-malware, intrusion detection and/or prevention systems, and other network and systems security platforms
  • Deep insights into threat intelligence tools and techniques
  • Advanced knowledge of cyber-attack techniques and mitigation strategies
  • Ability to effectively communicate complex topics to engineers and leadership
  • Ability to properly handle confidential data and strictly follow business processes and procedures
  • Ability to operate in fast paced and high stress situations
  • Ability to conduct in-depth forensics analysis on a variety of operating systems and IT platforms
  • Experience using SIEM, SOAR, and/or EDR platforms to identify and mitigate cybersecurity incidents
  • Previous experience in incident response consulting, or government, military, or law enforcement security incident response is highly desirable
  • Experience with the ServiceNow Security Incident Response Pro module is a plus
  • Experience in securing and investigating incidents in modern cloud environments such as Microsoft Azure and Amazon AWS
  • Proficiency in data analytics tools such as Azure Databricks or similar is a plus
  • Strong familiarity with various privacy-related regulations both domestic and international
  • Security certifications such as CISSP, GSEC, GCFA, GCFE are a plus
  • 10+ years of cybersecurity investigation experience
  • 10+ years of intensive incident response experience
  • Expert level knowledge in incident response, computer forensics, network traffic analysis, log file analysis, malware analysis
  • Expert-level knowledge of operating systems, including Microsoft Windows, Mac OS X, Linux, Unix, and mobile devices
  • Proficiency in one or more programming or scripting languages
  • Knowledge of the MITRE ATT&CK framework to better assist with threat hunting activities

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to [email protected]

#TalentknowsTalent


Technology we use

  • Engineering
    • Languages: .NET, C#, Python, R, SQL
    • Libraries: React
    • Frameworks: AngularJS, ASP.NET
    • Databases: Microsoft SQL Server, SAP HANA, Teradata


Located in the heart of downtown Chicago’s financial district, we are steps from all Metra stations, good eats and entertainment.

An Insider's view of DFIN

What’s the vibe like in the office?

I am working among an extremely smart group of people, with whom I have created great friendships. During lunch break we play board games and have interesting technical and financial discussions. It’s exciting to wake up and go to work knowing that I’ll be collaborating with some of the best colleagues I’ve had in my career.


Software Engineer

What projects are you most excited about?

In transforming and improving FinTech products, excitement comes from the challenge of knowing that the problems are complex, yet the solutions must be easy to use. When we start a new project, I can't wait to sink my teeth into understanding the problem space, talking to users, designing the solution, and seeing it through to release.


Principal Product Designer

What makes someone successful on your team?

A successful member of our team at DFIN is comfortable working with or learning any part of the tech stack. They effectively communicate during meetings to help plan out our next projects as a team, and they ask other members of the team for support if they happen to get stuck while coding.


Associate Software Engineer

What are DFIN Perks + Benefits

DFIN Benefits Overview

The world continues to change in ways we never expected, but there is one constant: your safety and well-being is a top priority, and DFIN has you covered with our benefits.

Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Documented equal pay policy
Dedicated Diversity/Inclusion Staff
Highly diverse management team
Unconscious bias training
Diversity manifesto
Someone's primary function is managing the company’s diversity and inclusion initiatives
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
We provide up to 4 weeks of parental leave for the primary caretaker. Acme Co. also provides 4 weeks of leave for the secondary caretaker.
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Return-to-work program post parental leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Stocked Kitchen
Happy Hours
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Mentorship program
Time allotted for learning
Online course subscriptions available
Customized development tracks