Job Title: Security Analyst V

Location: Detroit, MI 48226 Or Charlotte, NC

Start Date: 6/7/2024

Est. End Date: 12/31/2026

NOTE: Requisition Broadcast: 6/21/24 - Resumes due: 6/26/24 EOD. Onsite in Charlotte or Detroit for Hybrid model 3 days a week – may consider remote for ideal candidate.

** Cybersecurity Response Engineer**:

** Experienced with use case development lifecycle and risk based alerting mechanisms;

** Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework; **Splunk.

**Good communication skills – Proactive – independent, self-starter – independent worker who will take initiative and work well collaboratively. Confident and able to challenge respectfully and look for opportunities for continuous improvement. Able to mentor and coach junior team members

** Video conference interview; provide location and best time to interview.

Job Description

Response Engineer

Position Description

The Cybersecurity Response Engineer position is a valued member of the Information Protection and Risk Management (IPRM) department. The Cybersecurity Response Engineer will be a part of the Cyber Threat Response (CTR) team and will primarily serve the Security Operations Center (SOC) and Cyber Security Incident Response Teams (CSIRT) by developing and maintaining alert use cases, onboarding new security tools, facilitating access and training, and managing overall risk. To do so, they will also work closely with the Cyber Analytics and Data Science (CADS) team, as well as various Cyber Security Technology (CST) engineering teams throughout IPRM.

Job Responsibilities

Develop advanced security alerts for SOC consumption

Identify automation opportunities leveraging a SOAR tool to optimize SOC processes

Coordinate with different teams to complete agile project objectives

Generate reports around security events and metrics

Provide support for incident response investigations

Utilize attack simulations to test or discover alerting conditions

Participate in Threat Hunting exercises

Qualifications

Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework

Familiar with various security platforms and tools, such as firewall, proxy, SIEM, and SOAR

Experienced with use case development lifecycle and risk based alerting mechanisms

Ability to analyze large data sets to identify trends and anomalies indicative of malicious activity

Ability to interact with personnel at all levels across the organization and to comprehend business imperatives

Ability to thrive in a fast-paced environment and capable of working under pressure with little direction

Experienced with investigations into common attack scenarios, such as phishing and credential validation attacks

Experienced at performing complex security investigations and root cause analysis

Familiar with cloud platforms, such as AWS and Azure, and their corresponding security toolsets

Well organized and comfortable prioritizing a wide variety of goals and objectives by risk

Thrives in team environment involving a diverse set of skills and personalities

Maintaining awareness of the cyber threat landscape

Practical understanding of network protocols and operating systems

Broad understanding of security mitigation solutions at all layers

Minimum of four years information security specific experience

Bachelor's degree in information systems or equivalent experience

Security or CYSA certification preferred

Self-driven and motivated with a strong passion for cybersecurity

Excellent verbal and written communications skills

Excellent problem solving and troubleshooting skills with a strong attention to detail