Location Designation:Hybrid
When you join New York Life, you're joining a company that values career development, collaboration, innovation, and inclusiveness. We want employees to feel proud about being part of a company that is committed to doing the right thing. You'll have the opportunity to grow your career while developing personally and professionally through various resources and programs. New York Life is a relationship-based company and appreciates how both virtual and in-person interactions support our culture.
New York Life is seeking a Security Analyst role for within the Security Operations Center (SOC). The Security Analyst will be responsible for executing both New York Life's cyber incident response procedures and assist with Security Information and Event Management (SIEM) operations in a 24/7/365 model. This role will work with both internal, cross-organizational, and offshore security teams in monitoring, actioning, and improving upon incident response processes for the CTSO Organization.
Responsibilities:
Monitor NYL sources of potential security incidents, health alerts with monitored solutions and requests for information. This includes the monitoring of real-time channels or dashboards, periodic reports, email inboxes, ServiceNow ticketing system, telephone calls, chat sessions.
Follow documented incident-specific procedures to perform triage of potential security incidents to validate and determine needed mitigation.
Escalate potential security incidents to Line 2 Personnel, implement countermeasures in response to others, and recommend operational improvements.
Maintain awareness of the NYL's technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by NYL threat intelligence, and recent security incidents.
Provide advanced analysis of the results of the monitoring solutions, asses escalated outputs and alerts from Level 1 Analysts
Perform peer reviews and consultations with Level 1 Analysts regarding potential security incidents.
Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity.
Devise and document new procedures and runbooks/playbooks as directed.
Maintain compliance with processes, runbooks, templates and procedures-based experience and best practices.
Provide malware analysis (executables, scripts, documents) to determine indicators of compromise, and create signatures for future detection of similar samples.
Demonstrate knowledge of IBM QRadar SIEM navigation, administration, and implementation.
Continuously improve the vigilance service by identifying and correcting issues or gaps in knowledge (analysis procedures, playbooks, NYL network models), false positive tuning, identifying, and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
Scripting, regex, parser code writing to integrate various log sources along with SIEM tool for monitoring and analysis.
Developing actionable use cases to detect, triage, investigate and remediate based on latest threat actor trends, including actual technical implementation of parsing log sources creating, validating, and testing alerting queries to reduce false positives.
Leverage previous experiences, share best practices, and create innovative solutions to push user adoption and maximize the value of SIEM.
Have a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature. Helping maintain our NYL's strong professional relationships is integral to our business.
Maintain a solid understanding of the NYL's culture, environment (people, process, technology), goals, and security initiatives and communicate all to the engagement team.
Identify and recommend operational improvements to the NYL, drawing on SOC operational experience and industry specific knowledge of risks.
Seek opportunities and offer guidance on how to improve SOC service delivery methodology including owning and driving internal improvement initiatives.
Perform the cyber threat research and knowledge acquisition activities (such as malware, zero-day exploits, botnets, phishing sites etc.)
Actively seek self-improvement through continuous learning and pursuing advancement
Job Qualifications
Bachelor of Science with a concentration in computer science, information systems, information security, math, decision sciences, risk management, engineering (mechanical, electrical, industrial) or other business/technology disciplines or equivalent work experience.
3 to 5 years working in security information and/or technology engineering support.
Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent (i.e., OSCP).
SIEM certifications such as IBM QRadar, Splunk, etc. or experience interpreting, searching, and manipulating data within enterprise logging solutions(e.g., SIEM, IT Service Management (ITSM) tools, workflows, and automations (SOAR)).
Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, Network and Host based firewalls, Threat Intelligence, and Penetration Testing.
Knowledge of Advanced Persistent Threats (APT) tactics, technics, and procedures
Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
Proficient understanding of IT infrastructure and security architecture, networks management, network security, log management, ethical hacking and security assessment tools and relevant security technologies, such as malware management, network forensics, flow analysis, IDS/IPS, etc.
Background and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.
Ability to demonstrate an investigative mindset. Not just being able to execute a task but being able to understand the reason for that task and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process.
Basic understanding of Industry standards in operations such as ITIL processes (e.g., Change Management, Configuration Management, Problem Management, Incident Management), Six Sigma standards, etc.
Experience with scripting (BASH, PowerShell, etc.) and programming languages (Python, HTML, AQL, etc.).
Demonstrable personal interest in computing, security, and digital communications.
Excellent communication, listening & facilitation skills.
Experience creating and delivering effective presentations as a means for communicating project and deliverable progress to NYL stakeholders.
The ability to build and nurture positive working peer relationships within NYLs with the intention to exceed NYL expectations.
#LI-KV1
Salary range:$105,000-$160,000
Overtime eligible:Exempt
Discretionary bonus eligible:Yes
Sales bonus eligible:No
Click here to learn more about our benefits. Starting salary is dependent upon several factors including previous work experience, specific industry experience, and/or skills required.
Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by theFoundation.We're proud that due to our mutuality, we operate in the best interests of our policy owners. We invite you to bring your talents to New York Life, so we can continue to help families and businesses "Be Good At Life." To learn more, please visit LinkedIn, our Newsroom and the Careers page of www.NewYorkLife.com.
Job Requisition ID:89834
Job Segment: Corporate Security, Loss Prevention, Network Security, Six Sigma, Computer Science, Security, Management, Technology