Churchill Downs Incorporated

Churchill Downs Incorporated is hiring: Cybersecurity Analyst in Louisville

Churchill Downs Incorporated, Louisville, KY, US, 40222

Job Description

SUMMARY:
The Cybersecurity Analyst will play a crucial role in defending the organization from cybersecurity threats. This position involves investigating and managing security incidents, proactively hunting for emerging threats, and building effective detection rules. The ideal candidate will have strong technical expertise in threat analysis, forensic investigations, and security monitoring, with hands-on experience in SIEM, EDR, and other cybersecurity tools. Additionally, the Cybersecurity Analyst will work to optimize SOC performance, refine detection capabilities, and collaborate with internal teams to enhance threat intelligence and incident response processes.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:

  • Incident Investigation & Response: Lead investigations into security incidents, containing threats, performing root cause analysis, and driving resolution. Provide actionable insights and recommendations for improving security posture.
  • SOC Incident Management: Oversee the management of security incidents detected by the outsourced SOC, internal security tools, or processes.
  • Incident Response Process Optimization: Continuously improve and maintain incident response playbooks, workflows, and procedures to enhance efficiency and effectiveness in responding to security incidents.
  • Threat Hunting: Proactively hunt for advanced threats across networks, endpoints, and systems using SIEM, EDR, and other security monitoring tools. Identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by threat actors.
  • Security Monitoring & Reporting: Leverage security tools to detect, investigate, and respond to security events. Document incidents and provide detailed post-incident reports with analysis and recommendations for strengthening the organization’s security posture.
  • Security Tool Expertise: Use and maintain tools like SIEM systems (Splunk preferred), EDR, IDS/IPS, firewalls, and other security technologies. Develop use cases for threat detection, and continuously fine-tune alerting and automation.
  • Threat Detection & Use Case Development: Develop, test, and validate new threat detection alerts and automated responses based on emerging threat intelligence.
  • Other duties as assigned.

REGULATORY

  • Ability to obtain racing and/or gaming licenses as required in any jurisdiction where CDI operates. The Gaming industry is highly regulated and as such demands an extensive background check to obtain a license. Must be 21 years of age or older.

EDUCATION and EXPERIENCE:

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent combination of education and relevant work experience.
  • Minimum of 3 years of experience in information security, with at least 1 year focused on incident response.
  • Preferred Certifications:
    • CISSP, GCIH, GCFA, CSA, GSOC, or other relevant security certifications.

SKILLS and ATTRIBUTES:

  • Cybersecurity Fundamentals: Understanding of core cybersecurity principles. Familiarity with SIEM, EDR, IDS/IPS, firewalls, and other security technologies.
  • Security Tool Proficiency: Hands-on experience with security monitoring, incident detection, and response tools, including vulnerability scanners, SIEM systems, EDR, and IDS/IPS.
  • Scripting & Automation: Experience with Python scripting for automating security tasks, log analysis, and threat detection.
  • Threat Hunting Expertise: Proven experience in proactively hunting for and investigating security threats using SIEM, EDR, network security tools, and threat intelligence.
  • Knowledge of Threat Frameworks: Familiarity with industry-standard frameworks like MITRE ATT&CK, Cyber Kill Chain, and other threat intelligence models.
  • Strong Communication Skills: Excellent verbal and written communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders.
  • Analytical Problem Solving: Strong analytical and critical thinking skills to identify security issues and devise effective solutions.
  • Decisiveness Under Pressure: Ability to make sound decisions quickly and effectively in high-pressure environments, particularly during security incidents.

PHYSICAL DEMANDS / WORKING CONDITIONS:

  • Extended periods of sitting at a desk and working on a computer.
  • Regular use of a keyboard and mouse for typing and navigating software.
  • Viewing a computer screen for prolonged periods.
  • Ability to manipulate paperwork, including filing, sorting, and organizing.
  • Moving within the office environment to attend meetings, use office equipment, or interact with colleagues.
  • Occasional lifting of office supplies or paperwork (up to 20 pounds).
  • Speaking and listening to colleagues and clients in person, over the phone, or via video conferencing.
  • Working in a climate-controlled office environment with moderate noise levels.
  • Performing repetitive tasks such as data entry or document preparation.
  • Working under artificial lighting conditions typical of an office environment, which may include fluorescent or LED lighting.
  • Role is onsite five days a week at the Louisville, KY CDI headquarters office.