Cyber Incident Response Lead Analyst
Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what they've earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.
At Brighthouse Financial, we're fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, we're better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. We're seeking passionate, high-performing team members to join us. Sound like you? Read on.
How This Role Contributes to Brighthouse Financial:
Our IT Security / BCP team is looking for a strong Cybersecurity Analyst to monitor network security systems and identify potential cybersecurity threats. Reporting into the Head of Cybersecurity Operations, the Security Analyst will be part of the Computer Security Incident Response Team (CSIRT) that leverages multiple security technologies and resources to identify, investigate and respond to cybersecurity threats facing BHF's SaaS cloud environment.
The Cybersecurity Analyst will be responsible for daily cybersecurity activities and serve as the primary responder for Tier 2 and 3 incident reporting to the Brighthouse Security Operations Center (SOC). Additionally, you will support ad-hoc technical investigations, drive process improvement and support new threat detection capabilities.
Key Responsibilities:
- Monitor and identify cybersecurity / information technology related incidents that involve enterprise systems and data, including personally identifiable information (PII).
- Detect, investigate and report cybersecurity incidents.
- Maintain and enhance the vulnerability testing and remediation process.
- Create cybersecurity reporting metrics, dashboards and scorecards.
- Help improve the overall security posture by independently verifying the security of enterprise systems and ensuring the timely dissemination of security information to the appropriate stakeholders.
- Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.
- Collaborate with SaaS support partners to ensure processes and controls are operating as designed.
- Work with SaaS support partners to provide effective incident response (IR).
- Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents.
- Develop and maintain playbooks to help analysts respond to cyber threats.
- Provide guidance and leadership for on-site investigations and forensics.
- Maintain chain of custody in accordance with incident handling procedures and in compliance with NYDFS and other applicable regulations and frameworks.
- Collaborate across organizational lines through participation in regular IR working group sessions.
Essential Business Experience and Technical Skills:
- Bachelor's degree or equivalent experience
- Excellent verbal and written communication skills
- Knowledge and understanding of cybersecurity industry best practices
- Knowledge and understanding of SaaS cloud security and services, including O365, Azure, AWS and GCP
- Knowledge and understanding of vulnerability identification, remediation and reporting.
- Knowledge and understanding of PCI-DSS, NIST, NYDFS, FISAC cybersecurity framework.
- Strong interpersonal skills working directly with MSPs, MSSPs and VIP end users in a highly visible and mission-critical environment.
- Intermediate knowledge of and experience with MS Office (Word, Excel, PowerPoint, etc.).
- Knowledge of and experience with security threat detection and reporting tools.
- Information Technology Industry Certifications: Must have two (2) information/cybersecurity certifications or agree to obtain certifications within nine (9) months of hire.
Along with the basic qualifications, the candidate will need to have 3+ years of cybersecurity experience in the following areas:
- Cloud Security, Computing and Storage
- E-mail security, DLP, ATP, SEP, McAfee
- Cybersecurity threat detection, monitoring and reporting
- Incident Response
- Vulnerability Management
- Cyber Intelligence and Threat Hunting
Preferred Information Security certifications (must have two or more within 9 months of employment):
- CCNA Security
- Certified Ethical Hacker (CEH) (preferred)
- Computer Hacking Forensics Investigator (CHFI) (preferred)
- ECIH - Certified Incident Handler (preferred)
- Certified Network Defender (CND)
- EC Council Certified Security Analyst (ECSA)