Senior Security Analyst - Incident Response

Information Technology ATLANTA, Georgia


Description

Position at Genuine Parts Company

Sr Security Analyst - Incident Response

Responsibilities:

  • Work with a global team of security professionals to respond to security incidents and prevent imminent cybersecurity threats
  • Be a primary and/or final escalation point for critical security incidents of all types and scopes for all GPC subsidiaries globally
  • Work with GPC internal IT teams and subsidiary security & IT resources in order to:
    • Ensure a constant understanding and view of GPC/subsidiary:
      • Technology Stack and Associated Vulnerabilities
      • Critical & Sensitive Data
      • Public Footprint and Associated Vulnerabilities
      • Cloud Footprint
      • Networks and Flow of Data Ingressing, Egressing & Moving Laterally
      • Critical applications and Associated Vulnerabilities
      • High Value Assets and Teams
      • 3rd parties and services rendered, shared infrastructure, and any network, API, and process interconnections
      • Finance and HR processes
      • Overall Threat Surface
    • Respond to potential security breaches
    • Rapidly deploy security controls to environments in response to potential/current threats
    • Rapidly triage and analyze new IT environments in order to determine scope and impact of threats on a network or on systems
    • Gather artifacts such as disk images, memory dumps, log files, emails, etc. in the process of investigation
    • Lead incident response efforts from initial detection through containment, while laying the groundwork for longer-term remediation efforts
  • Analyze malware, malicious emails, phishing attempts, web application attacks, and other threats as they occur
  • Work with the SIEM engineering team to develop instrumentation to detect threats to GPC and subsidiaries in a tailored manner to the business
  • Develop and improve processes on responding to threats including the full lifecycle of a security incident
  • Accurately classify and identify security threats as they are seen in the GPC/subsidiary environments, mapping them to common frameworks such as MITRE ATT&CK
  • Use tools such as EDR and SIEM to identify potential security threats in existing environments
  • Stay up to date on current cybersecurity threats as they develop in real-time, understanding mitigating controls, detection techniques, and response procedures
  • Stay up to date on threats specific to the Retail, Manufacturing, and Supply-Chain industries, as well as the specific regions of GPC branches and subsidiaries
  • Train junior analysts on incident response processes and procedures
  • Reach out to and interact with GPC/subsidiary employees that may have been subject to security incidents
  • Interact with cybersecurity leadership to help provide context around current threats and metrics
  • When necessary, respond to insider threat security incidents
  • Use discretion in communication to ensure that no sensitive investigation details are leaked internally or externally
  • Work with the MSSP to ensure that security events coming from the SIEM are triaged at a tier I level before being passed to the GPC/Subsidiary security staff for investigation
  • Coach MSSP analysts assigned to the GPC account on GPC-Specific incident response procedures and environmental factors that aid in the incident response process
  • Write detailed incident response reports that analyze security incidents from the initial vector of the incident to the remediation procedures and lessons learned


JOB REQUIREMENTS AND QUALIFICATIONS:

  • 10+ years of IT experience
  • 10+ years of direct experience within Incident Response
  • Bachelor’s degree in information security, computer science, or related field
  • A strong understanding of investigation theory behind incident response processes
  • Experience in an incident response role a must
  • A strong understanding of networking, the OSI model, and network security concepts, as well as internet architecture and internet security concepts
  • A strong understanding of operating systems, least privilege access, and system security concepts
  • A strong understanding of enterprise security architecture and security controls from endpoint to edge
  • Strong understanding of DNS and potential methods of abuse
  • Strong understanding of HTTP and potential methods of abuse
  • Strong understanding of Active Directory and potential methods of abuse
  • Strong understanding of Windows Operating System and potential methods of abuse
  • Strong understanding of Web Application Frameworks and potential methods of abuse
  • Strong understanding of Email Security concepts and controls
  • Familiarity with common types of malware and initial infection vectors
  • Programming experience or knowledge in an object-oriented, compiled programming language (C/C++, C#/.NET, Java, etc.)
  • Programming experience or knowledge in a web programming language such as PHP, JavaScript, ASP .NET, etc.
  • Strong experience with one or more interpreted/scripting languages (bash, PowerShell, Python, etc.)
  • Penetration testing experience a plus
  • Strong Splunk SPL experience preferred
  • ServiceNow experience a plus


Helpful Certifications:

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Penetration Tester (GPEN)
  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Operator (CRTO)
  • Microsoft MCSE
  • Microsoft Azure Security Engineer Associate
  • Red Hat Certified System Administrator (RHCSA)
  • Red Hat Certified Engineer (RHCE)
  • Cisco Certified Network Associate (CCNA)

Where permitted by applicable law, successful applicants must be fully vaccinated against COVID-19 prior to start date. COVID-19 vaccination is a condition of employment, subject to an approved accommodation, and proof of vaccination will be required on or prior to start date.

GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.