Lead Cyber Security Operations Center (SOC) Analyst
State Street
- Quincy, MA
- $100,000-160,000 per year
- Permanent
- Full-time
The SOC team is responsible for analyzing events from multiple sources across a large enterprise network. The SOC partners with multiple teams in our Cyber Fusion Center, including but not limited to the Advanced Threat, Cyber Threat Intelligence, and Red/Purple teams.
Join us in evolving our response capabilities to protect State Street, its customers and partners from ever-evolving and sophisticated threat actors. State Street's Fusion Center is responsible for detecting and responding to the various cyber threats directed towards the enterprise, 24/7, 365 days a year. This role will be Monday - Friday and will be on-site in State Street's office in Quincy.
What will you be responsible for:
- Lead the cyber incident response process to ensure timely triage, analysis, containment, eradication and return to service for high-severity or long-running incidents.
- Author incident status updates and closure reports to leadership.
- Produce post mortem reports to identify lessons learned and recommendations.
- Continuously prepare for incidents by updating and maintaining incident response plans, playbooks and procedures.
- Manage and participate in cyber related exercises such as table tops and cyber ranges.
- Measure the effectiveness and performance of the incident response process through KRI and KPI metrics.
- Identify methods to continuously enhance the incident response process.
- Work closely with the SOC to drive development and collaboration.
- Train and mentor SOC personnel.
- Create an environment which drives knowledge sharing with teams across the Fusion Center.
- Help develop the Fusion Center mindset and the follow-the-sun model.
- Experience with investigating & managing major/complex cyber incidents end to end.
- Experience working/leading in a SOC or Fusion Center.
- Strong operating systems administration skills (Windows, Linux, Mac).
- Strong malware analysis expertise.
- Experience in performing memory forensics.
- Knowledge of adversarial tactics, techniques and procedures (TTPs) and industry-standard frameworks (NIST, MITRE ATT&CK).
- Knowledge of IT architecture and operations (computing, network, storage and cloud).
- Strong working knowledge of security technologies including but not limited to SIEM, EDR/EPP, AV, IDS/IPS, HIPS, Web Proxy/Content filtering, AD, PKI and DNS.
- Bachelor's in Cyber Security, Information Technology, Computer Science and/or completion of a Cybersecurity boot camp. In lieu of education requirements, relevant industry experience will be considered.
- CISSP, CEH, OSCP, OSCE or GCIH, or an applicable certification in the security field.
- 4+ years in a cyber security SOC/IR role (Incident Response, SOC Tier 3/Lead Analyst, Threat Hunter, Penetration Testing, etc.).
- Financial Services experience a plus.
- Software development and/or scripting experience a plus: Python, PowerShell, SQL, etc.