Lead Cybersecurity Incident Analyst at Discover
Discover. A brighter future.
With us, you’ll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it — we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.Job Description
Responsibility of the role is to actively participate in supporting the incident response teams through mastery of the technologies and information we analyze, as well as maintain high-level knowledge of detection tools and techniques. This includes new technologies and program optimization through complex project work efforts. Must be able to support technology direction to design Cybersecurity solutions. Coaches and mentors more junior staff members.
- Execute timely, thorough, and effective incident handling through collaboration and innovation. Utilize security monitoring technologies to analyze security events. Provide mitigation services for identified threats and security incidents. Maintain evidence integrity during digital forensic acquisitions and analysis. Complete thorough documentation for incident investigations including root cause analysis, relevant forensic artifacts, and technical and procedural lessons learned. Identify innovative opportunities for incident response tools and processes which enable rapid analysis and response to security incidents at enterprise scale. Assist in the development of presentations and executive briefings regarding relevant security incidents and findings to senior management. Create and maintain documentation for incident response team including technical procedures, detailed diagrams, pertinent metrics, and report templates. Contribute thought leadership and technical solutions back into the investigative and incident response community at a local and global level.
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription threat-intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and takes appropriate action to report each incident, as required. Analyzes the organization's cyber defense procedures and configurations and evaluates compliance with regulations and organizational directives. Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns. Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved. Maintains in-depth knowledge of security trends and threats. Assist in the design and development of security solutions and processes that are consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
- Proactively detect advanced threats that evade traditional security controls using both manual and machine-assisted capabilities and aims to find advanced adversaries. Develop hunt scenarios, translate them into an iterative process, participating in threat actor-based red team simulations, and creating new detection methodology. Use data analysis, threat intelligence, and cutting-edge security technologies to detect, disrupt and eradicate threat actors. Generate strategically relevant attack scenarios to simulate adversaries. Test security effectiveness and defensive readiness for the organization. Provide alternative analysis as a Red & Hunt team to test the organization’s prevention, detection, and response capabilities against digital threats. Identify how attackers can infiltrate and move inside the organization’s network and find ways to disrupt them. Draw attention to the business impact of computer/system/network security issues.
- Oversee primary data, incident, and analytic security platforms. Manage full-lifecycle development and support of home-grown security tools and solutions. Analyze new tools and technologies. Integration and upkeep of various datasets to ensure data streams are accessible and data quality is maintained. Manage detection content for security tools for operations center. Analysis, monitoring, and reporting of platform operational health and stability. Creation of visualizations and telemetry to accurately depict operational status and increase situational awareness. Maintaining documentation of tools, logic, policies, and procedures.
- Bachelors Computer Science, information Security or related
- 2+ years Information Security, Computer Science, Data Analytics or related
- In Lieu of education, 4+ years Information Security, Computer Science, Data Analytics or related
- GIAC Certifications, Security +, Network +, CISSP, OSCP
#LI-LJ1, #Remote #BI-Remote
What are you waiting for? Apply today!
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover.