The CylanceGUARD Analyst Level 3 is responsible for being the frontline of defense for customers of CylanceGUARD. CylanceGUARD provides an active hunting solution to our customers 24 hours a day, 7 days a week.
Working within the CylanceGUARD team, the Analyst is responsible for reviewing Cylance product alerts to detect advanced threats that evade traditional security solutions, as well as for creating new detection capabilities that allow proactive detection of system compromises. The Analyst will ensure that new environments are identified and understood to enable accurate and actionable reporting for other CylanceGUARD tiers. Analysts will also participate in developing processes, procedures, training, etc. for new technologies. The candidate must have a curious, investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences.
WHAT YOU WILL DO
- Responsible for working in a 24x7 Security Operation Center (SOC) environment.
- Third shift: 12 midnight - 9am
- Provide analysis and trending of security log data from a large number of heterogeneous customer environments.
- Provide Incident Response (IR) support when analysis confirms actionable incident.
- Provide threat and vulnerability analysis as well as security advisory services.
- Analyze and respond to previously undisclosed software and hardware vulnerabilities.
- Investigate, document, and report on information security issues and emerging trends.
- Coordinate with Level 2 analysts on activities impacting a diverse customer base.
- Integrate and share information with other analysts and other teams.
- Other tasks and responsibilities as assigned.
WHO WE ARE LOOKING FOR
- 1+ year of experience in Information Security (Required)
- 1+ year of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, and malware triage (Required)
- Deep understanding of the forensic artifacts within one of the following: Windows, Mac, and/or Linux (Required)
- Knowledge and experience working with the Cyber Kill Chain Model, Diamond Model, or MITRE ATT&CK Matrix (Required)
- Familiarity with Cylance Endpoint Protection Products (Desired)
- Prior experience working in one of the following areas: (Desired)
  - Computer Incident Response Team (CIRT)
  - Computer Security Incident Response Center (CSIRC)
  - Security Operations Center (SOC)
- Experience with APT/crimeware ecosystems (Desired)
- Programming/scripting with Python, VB, PowerShell, and/or Go (Desired)
- Familiarity with ELK: building searches, dashboards, and Logstash filters (Desired)
- Red/Pentesting Team experience (Desired)
ABOVE AND BEYOND
- Bachelor's degree in Computer Science, Engineering, or a related field
- Certifications such as OSCP, GPEN, GCFA, GCFE, GREM, GCNA, GCIH, or GCIA
WHAT WE NEED FROM YOU TO APPLY
- Current resume
- Cover letter/summary expressing:
  - Why you are interested in working at BlackBerry Cylance
  - The skills, strengths, and expertise you will contribute to our diverse team of extraordinary talent and humble hearts