As an Edwards Sr. Analyst, IDR, for Information Security, you will contribute with protecting Edwards organization, applications, and products by responding to security threats, designing, and implementing detection use cases and threat hunts and managing log sources onboarding. Ideal candidates posses knowledge in information security incident response and threat hunting, experienced with developing and writing detection engineering use cases and with the ability to drive results. This role is a vital part of our 24x7 Incident Detection and Response team to help protect Edwards.
How will you make an impact:
Serve as key escalation tier (level 2 analyst) for on-call incident response resources
Perform complexed investigations as a part of Edwards active security monitoring and threat hunting operations within SLAs
Drive and design response and remediation actions to protect against security threats in Edwards environments and products
Lead data ingestion efforts from identifying gaps, onboarding data sources, tuning and correlating them
Lead the design, testing and implementation of detection use cases to production
Help drive threat hunting program
Responsible for operations and maintenance of key cyber security capabilities and services in Detection Response area – SIEM (Google SecOps, Splunk, Qradar etc), Log Collectors (WEF, Cribl, NXLog etc)
Design automation workflows to streamline detection and response efforts
As needed, participate in CIRT team efforts
Provide coaching, mentoring, and knowledge transfer to other team members
Document and maintain incident response technical playbooks and incident timelines
Staying informed on the evolving cybersecurity threat landscape to drive innovative detections, threat hunts, and automations to drive Edwards’ security posture
What you'll need (Required):
Bachelor's Degree in related field with 4 years of previous related experience, or equivalent work experience based on Edwards criteria
What else we look for (Preferred):
Previous related experience in Information Security SOC, CIRT or SIEM teams
Participation and leading information security incident handling efforts
Provide and build detailed investigation timelines including documentation, improvements, and recommended action items
Expert with Google SecOps or other SIEM solutions (Splunk, Qradar etc)
Expert with log collectors' management (WEF, Cribl, NXLog etc), parsing experience
Experience with SOAR platforms operations (Torq, PaloAlto XSOAR etc)
Experience with threat hunting operations and/or design
Certifications in related discipline preferred (e.g., CEH, CISM, CISSP)
Expert of IR concepts, data tuning, SIEM, forensics, cloud monitoring
Knowledge of common attack vectors and methods, MITRE framework
Scripting experience preferred
Proficient analytical and problem-solving abilities to identify and mitigate potential security risks
Strict attention to detail
Ability to partner with other information security and IT experts for escalation of security alerts and onboarding log sources
Substantial understanding of troubleshooting techniques with the ability to adapt and learn new technologies
Ability to provide guidance to assigned teams on implementing information security standards and designs
Excellent organization and time management skills
Excellent verbal and written communication skills