Security Operations Analyst Job at City National Bank in Miami
City National Bank, Miami, FL, United States
Overview:
The Security Operations Analyst role within the Cyber Security & Risk Management team is responsible for aspects of threat intelligence, monitoring, application/endpoint/network security, and insider threat. The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences. The Analyst is a key member of the Cyber Security team and participates in incident response and monitoring functions.
The focus of the Analyst is to detect, disrupt, and eradicate threat actors from the enterprise network. The Security Operations Analyst manages day-to-day information security operations monitoring of mission-critical systems, including identification, analysis, case management, and response actions. The Analyst will also be required to carry out other Cyber Security-related activities and projects as specified by management. The role involves close integration with various technical and non-technical stakeholders to drive widespread cyber security program deployment and adoption. The position will drive execution and enhancement of cyber security capabilities throughout information systems in both on-premises and cloud-hosted environments. This fast-paced, multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth. Reporting to the Security Operations Manager, the Security Operations Analyst will work closely with Information Technology, Cyber Security, Audit, PMO, and LOB stakeholders, executing requirements, modifying procedures or processes, and/or managing tasks to implement security controls.
Principal Duties & Responsibilities:
- Monitor the cyber threat environment and provide Tier 1 and Tier 2 support for day-to-day cyber security incidents and service requests.
- Analyze and report security events through SIEM, IT service management portal(s), and other security tools.
- Actively collaborate with the MSSP SOC on 24/7/365 monitoring and response to cyber security incidents.
- Perform analysis, testing, documentation, and modification of computer systems and/or programs based on verified threats and observed exploitation by malicious software.
- Conduct incident management of malware threats, phishing submissions, compromised assets, and other anomalous events.
- Liaise with the Cyber Security Engineering/Architecture and IT teams to prioritize platform requirements ensuring high quality and tuning of cyber security solutions.
- Evaluate threat capability gaps within the security stack and make recommendations to management.
- Identify and analyze threat and brand intelligence functions, composing security alert notifications and other communications.
- Identify trends and tactics in the threatscape across the production and corporate infrastructure.
- Monitor brand intelligence sources, including forums, social media, and other threat actor activity channels, for potential threats.
- Actively stay up to date with the latest threatscape, attack vectors and countermeasures (engage with ISACs).
- Identify, communicate, and coordinate risk management activities such as vulnerability scanning, dynamic application scans, and confidentiality and privacy reviews.
- Collect and maintain evidence supporting cyber assessment findings and recommendations.
- Translate infrastructure issues (network, database, server, endpoint, etc.) into cyber risks for threat monitoring.
- Conduct Vulnerability Management functions, ensuring vulnerability remediation tasks are properly executed (validation of findings, execution/coordination of remediation, and validation/evidence of remediation).
- Prepare system security reports by collecting, analyzing, and summarizing data and trends.
- Track and communicate assessment required activities and status to stakeholders.
- Implement processes or controls in support of control framework, audit, and risk requirements.
- Continuously update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Collaborate with management to determine information security metrics and help with their collection.
- Collect security incident metrics & data to enable reporting to senior management.
- Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Support skill set development of the team members (mentoring, cross-training).
- Develop an understanding of business goals and reframe risk discussions as simple solutions that are understandable at all levels of the organization.
- Manage on-call and after hour incidents.
- Support general inquiries regarding information security practices or security access.
- Support the end-user community with security related issues.
- Provide exceptional customer support across all supported devices.
- Create and maintain Operational Procedure Guides.
KNOWLEDGE, SKILLS AND ABILITIES (REQUIRED):
- 2-4 years of information security experience.
- 2-4 years of experience engineering and analyzing server-based operating systems.
- Minimum 2 years of technical troubleshooting experience.
- Minimum 2 years of hands-on SIEM experience.
- Experience with Active Directory and Windows system architecture.
- Experience with Litigation Hold and eDiscovery requests.
- Proficient with MS Office (Word, Excel, PowerPoint, and Outlook).
- Experience with Splunk search, report, and alert functions.
- Fundamental understanding of security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).
- Ability to plan, execute and document initiatives following established processes and procedures.
- Strong attention to detail, analytical skills, ability to operate in a high stress environment, and ability to work both independently as well as part of a larger technology team are also required.
- Experience with delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
- Strong analytical skills/problem solving/conceptual thinking.
- Open-minded, adaptable, and passionate about learning.
- On-call and after-hour work can be expected.
- Valid driver's license and the ability to independently visit clients throughout our entire banking area, sometimes with little or no notice.
- Must have the ability to work independently and to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices.
- Ability to manage complex issues and develop solutions.
- Must be able to work under pressure and meet deadlines while maintaining a positive attitude and providing best-in-class client service.
- Ability to deal effectively with changing situations, in addition to recognizing, identifying, and interpreting a variety of work such as instructions, forms, and reports.
- Must be able to regularly operate a computer and other office productivity equipment, such as a calculator, copy machine, and printer.
- Must be able to remain in a stationary position with occasional movement, and move from one point to another within the assigned facility to go to other offices/ departments, to use office equipment, etc.
- Excellent verbal and written communication skills, including ability to effectively communicate with internal and external clients, technical and non-technical.
KNOWLEDGE, SKILLS AND ABILITIES (DESIRED):
- Relevant information security certifications (e.g., CISSP, CISM, CEH, CRISC, CISA, OSCP, GCIH)
- Strong experience managing next-generation anti-malware / endpoint detection & response solutions.
- Knowledge and understanding of banking or financial services industry.
- Experience working in a large enterprise environment.
- Experience responding to and remediating phishing emails.
- Experience working in an enterprise SOC, either in-house or as part of an MSP.
- Advanced Information Security technical skills and understanding of information security practices and policies.
- Strong intrusion analysis background.
- Working knowledge of PowerShell scripting.
- Working knowledge of data center equipment (Server, Storage, Network).
- Knowledge and understanding of configuration management solutions for information security and compliance controls.
- Knowledge and understanding of the technology supporting encryption infrastructure (servers or appliances).
- Familiarity with commonly exploited CVEs and their remediation methods.
- Understanding of a broad range of security technical concepts.
- Strong verbal and written communication skills.
- Experience of working with technical and non-technical stakeholders.
- Must be able to communicate clearly and concisely with internal and external parties.
- Bachelor's degree in Computer Science, Information Security, or a related technology field preferred.
- Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
- Please view Equal Employment Opportunity Posters provided by OFCCP here.
- The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
- Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.