Job Summary
The Analyst is a position within Bain's Cyber Operations Department, whose mission is to safeguard the digital assets and integrity of the organization. In this role, the Analyst understands how security measures align with the overall organizational strategy and will contribute to the development and implementation of security controls that adhere to regulatory requirements and best practices. The Analyst will monitor, analyze, and respond to potential security incidents and threats, analyze their urgency and impact to Bain, as well as implement necessary responsive measures to protect the organization's digital assets, data, and infrastructure. The Analyst Security Operations role has multiple disciplines including Security Monitoring, Incident Detection & Analysis, and more advanced disciplines in Threat Intelligence, Vulnerability Management, and Pro-Active Security Testing. Team members may spend a percentage of time across all disciplines or all of their time in a specific one.
Principal Accountabilities and % of time
Security Monitoring (40%)
Continuously monitor security systems, logs, and alerts to identify potential security incidents or vulnerabilities.
Utilize and manage various security tools, including intrusion detection systems (IDS/IPS), firewalls, SIEM (Security Information and Event Management) solutions, and antivirus software.
Stay updated and investigate the latest cyber threat intelligence, vulnerabilities, and attack techniques in our environment. Incorporate this knowledge into security monitoring and analysis.
Incident Detection & Analysis (50%)
Identify and analyze security threats, such as malware, data breaches, and unauthorized access to determine potential impact.
Generate regular and ad-hoc reports on security incidents, vulnerabilities, and trends for management and other stakeholders.
Execute and modify incident response playbooks to mitigate the effects of security alerts and restore normal operations.
Ensure that controls identified in the Policies are maintained and validated per the Policy.
Professional Development and Innovation (10%)
Stay informed about emerging trends and technologies in cybersecurity.
Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.
Explore Professional Certifications and work with leadership to plan trainings.
Knowledge, Skills, and Abilities
Strong knowledge of Splunk (or other SIEM tools), CrowdStrike, Windows Defender, Other AV/EDR tool configuration, Cyberhaven (or other DLP tools).
Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, Vendor technical Risk Scoring tools, Deception technologies.
Knowledge of ticketing, triage, and forensics capabilities and toolsets.
General Skills
Good communication skills, with the ability to document and explain technical information clearly.
Analytical mindset, with a focus on learning and problem-solving.
Ability to work independently and well in a team, showing strong interpersonal skills.
Eagerness to learn and adapt to new challenges in cybersecurity.
Entrepreneurial spirit, open to trying new approaches and learning from them.
Experience
Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.).
Experience with common information security controls frameworks (i.e. ISO, NIST, CIS, or CSA).
Experience deploying systems or applications.
Ability to work independently and with teams on complex problems.
Complex problem solving.
Ability to work in a fast-paced, dynamic environment.
Attention to detail and priority/time management.
Strong customer service, analytic, communication (oral and written), and troubleshooting/problem-solving skills.
Experience with endpoint security control design having implemented controls such as EDR or AV.
Experience with automation of Information Security controls.
Experience with automating tasks via scripting.
Experience with common cloud security control frameworks, for example, NIST CSF or CSA.
Education
Bachelor's degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience.
Recommended Years of Relevant Experience
3-5+
Supervisory Category
Individual Contributor.
#J-18808-Ljbffr