Principal Information Security Analyst
- Consults on a senior level and provides professional support for major components of the company's information security infrastructure.
- Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments.
- Consults with the business and operational infrastructure personnel regarding new and existing technologies.
- Recommends new security tools to management, reports on them, and provides guidance and expertise in their implementation.
- Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations.
- Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles.
- Addresses high risk security concerns or incidents. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
The Information Security Division (ISD) develops and maintains the enterprise cybersecurity strategy for BNY Mellon. ISD collaborates with its colleagues across all three lines of defense, including Technology Risk Management, Internal Audit and our businesses and information technology teams. Our emphasis on collaboration ensures the development and delivery of services that are responsive to the evolving threat landscape and drive value to our customers. The successful candidate will be part of a high-performance Cyber Security Analytics team within the Information Security Division of BNY Mellon. The Cyber Security Analytics team is responsible for providing platforms, analytics and visualization to Information Security and other functional groups within BNY Mellon with the goal of detecting and preventing adversarial attacks.

Position overview: This is a Sr. Threat Hunter/Playbook Engineer role which will be an integral part of the dynamic, fast-paced Cybersecurity Threat Detection team. A successful candidate will bring a positive, passionate attitude to the team's playbook and threat hunting initiatives by leveraging rich threat-hunting and specialized Splunk-related experience. As an expert in Splunk Search Processing Language (SPL), you'll be relied on to work closely with customer delivery managers, prioritize daily tasks, develop/deploy/verify advanced threat-hunting playbooks based on indicators of compromise and network anomaly detections and alerting logic, and enhance the organization's overall playbook strategy and threat analytics.

Key responsibilities and deliverables:
- Responsible for understanding the Cyber Security Threat Landscape and applying innovative solutions to address threats using analytics
- Responsible for identifying Threat Detection Use cases in large, heterogeneous enterprises and implementing the techniques to surface these threats
- Build analytics that can be applied to the discovery and tracking of advanced adversaries
- Day-to-day management of playbook content lifecycles, including customer interactions and prioritization, content creation, testing and tuning, version/value documentation, and finally user-acceptance testing and effectiveness analytics.
- Utilize Git repositories to store, comment on, and version playbooks shared with Threat Detection customers, including the Security Operations Center, Insider Threat, and SIEM Engineering among other teams.
- Participate in war-gaming and tabletop activities as part of red/blue team exercise to strengthen and test playbook health, maturity, and relevant documentation.
- Collaborate with Threat Detection team members and take the lead on the design of complex SPL queries for advanced searching, threat hunting, reports, dashboards, and Threat Detection team analytics/metrics.
- Collaborate closely with team members on the design of functional, process-oriented Splunk knowledge objects such as recurring reporting, searches, Splunk data models, macros, lookups, tags, and dashboards to combat threats and advance objectives within Cybersecurity Analytics.
- Collaborate with SIEM Engineering to identify gaps in onboarded data, CIM normalization, and correlation queries so that playbooks can run at optimal health.
- Collaborate with SOC members, Threat Detection delivery managers, and other stakeholders to ensure customer issues and priorities are engaged via the playbook work pipeline; ensure playbook processes continue to mature, including triage, escalation, incident, and change management.
- Engage in ongoing research into security tools, techniques, and procedures, and advance Threat Detection initiatives based on aggressive security principles, machine learning algorithms, and threat mitigation techniques.
- Take ownership of reproducing, responding to, documenting, and resolving playbook issues reported by Threat Detection teammates or customers.
- Proactively collaborate with Threat Detection teammates and members throughout the greater Cybersecurity organization to document actions, hurdles, and blockers with regard to work pipeline and progress.