Cyber Defense Detection Analyst
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.
Description
The Cyber Defense Detection Analyst position will be responsible for ensuring visibility of threats and attacks to the confidentiality, integrity, and availability of customer, business unit and corporate information. You will be a primary identifier of events requiring investigation, and you will be responsible for determining impacts as well as executing response remediations when required. You will become a subject matter expert in the information architecture as well as the tools, policies, and processes we utilize to protect it. You will maintain timely knowledge of the evolving threat landscape and partner with the other members of the Cyber Defense team to ensure cohesive awareness of threats and incident response, as well as maintaining a collaborative relationship with other departments who support our Cyber Defense Program.
Position Responsibilities:
- Analyze information from various sources; leverage various toolsets to gain awareness of potentially suspicious activity
- Investigate and document events, escalating to incidents as needed
- Participate in Cyber Hunt activities at the direction of one or more Incident Response Analysts
- Monitor SIEM and logging environments for security events and alerts indicating threats, intrusions, or compromises
- Maintain an understanding of the global threat landscape by working with CMEG's Cyber Threat Intelligence (CTI) team
- Escalate cyber security events according to CMEG's runbooks and standard operating procedures (SOPs)
- Identify and help troubleshoot anomalies
- Serve as a subject matter expert on security-related issues
- Aggregate and correlate alerts from systems and SIEM/analytics tools to provide context, environmental awareness, baselines, and root cause analysis
- Utilize forensic resources to understand event impacts and generate incident reports
- Monitor and investigate network and system events to detect attacks as early as possible
- Perform initial investigations; identify attack vectors and mitigation tactics
- Collaborate with technical teams to identify, resolve, and mitigate events
- Proactively provide feedback on CDT operational processes and procedures
- Document event analysis and write comprehensive reports of incident investigations
- Perform other duties as requested
MINIMUM REQUIREMENTS: KNOWLEDGE, SKILLS AND ABILITIES
- Comprehensive knowledge of the OSI model
- Strong security background in network/systems/physical security, authentication, authorization and usability.
- Extensive knowledge of networking principles
- Working knowledge of IT best practices.
- Working knowledge of Intrusion Detection/Prevention Systems and rule/signature writing
- Working knowledge of packet collection and analysis tools such as tcpdump and Wireshark
- Extensive knowledge of network and system level attack vectors and mitigation techniques.
- Demonstrated ability to: Differentiate between a significant event, a true positive, and a false positive. Translate raw logs into actionable intelligence.
- Previous System Administration experience
- Strong investigation and analytical skills.
- Conceptual understanding of the Cyber Kill Chain
- Strong familiarity with security issues surrounding network computing and experience implementing security systems and controls. Must have a thorough knowledge of information security components, principles, practices, and procedures
- Formal training or commensurate work experience in security tools (scanners, Intrusion Detection Systems, and security analysis tools both on the network and on host based systems).
- A holistic understanding of attack vectors, current threats, and remediation strategies is essential for this role.
- Thorough understanding of the common and uncommon threats and vulnerabilities affecting applications, architectures, databases, thin and thick clients, and mobile and virtualized applications
- Must have good knowledge of general IT architecture infrastructure, web application, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
- Firm understanding of external security threats and risks to an information technology infrastructure, and the ability to apply it to developing custom incident response protocols as needed
- Strong customer-service orientation.
- Strong analytical and troubleshooting skills
- High level critical thinking skills.
- Excellent written and oral communication skills.
- Excellent listening and interpersonal skills.
- Ability to communicate ideas in both technical and user-friendly language.
- Ability to conduct research into network/security issues and products.
- Comfortable working in a dynamic environment with multiple goals.
- Highly self-motivated and directed, with keen attention to detail.
- Able to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Ability to deal diplomatically and effectively at all levels of the organization, including technical and non-technical staff, management, and senior leadership
Formal Education & Certification
- Experience with enterprise SIEM or Incident Management systems
- Experience with network monitoring in a CDT environment
- Experience working in a 24/7 CDT environment
- Security certifications (e.g. Security+, Network+, GCIA, GCIH, CISSP, CEH, etc.)
- Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation in a fast-paced environment
- Excellent written and oral communication skills
- Willing to work in a team-oriented 24/7 CDT environment; flexibility to work on a rotating schedule (including overnight shifts)
- BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience