Cyber Defense Senior Analyst

As a Cyber Defense Senior Analyst, you will join the frontline of the Cyber Fusion Center, performing in-depth analysis, triage, and response to security threats by following documented policies, processes, and playbooks to meet Service Level Objectives (SLOs). The frontline team provides global 24x7 security operations and monitoring for cybersecurity events impacting Experian and is a division of Experian’s Cyber Fusion Center (CFC) which is organized under the Experian Global Security Office (EGSO). It acts as the first line of defense in Experian's broader incident response and incident management functions and is responsible for receiving, triaging, and prioritizing cybersecurity alerts, including being the dedicated point of contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of triage, this team is then responsible for investigating, containing, eradicating, and recovering from events falling in its purview or escalating higher-risk events to dedicated incident response and management teams in the CFC as necessary.

This role is critical in ensuring the effective handling of potential threats and plays a part in driving continuous improvement in security operations.

Summary of Primary Responsibilities

As the Cyber Defense Senior Analyst, you will:

• Execute daily security operations by monitoring, triaging and conducting response activities for security events and alerts associated with cyber threats, intrusions, and/or compromises alongside a team of global security analysts in accordance with documented SLOs, policies, processes, and playbooks.
• Leverage investigative experience and technical skills to effectively analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk / severity level of cyber threats; escalate higher-risk events to dedicated incident response and management teams in the CFC in alignment with established processes.
• Collaborate with external teams for incident resolution and escalations, driving effective incident handling
• Notify team Lead(s) of concerns related to operations, such as anomalous changes in metrics, notable open incidents, quality concerns, or observed risks; support with resolution if appropriate
• Manage and complete assigned caseload efficiently throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned; maintain high standards of quality and thoroughness to resolve events appropriately
• Maintain all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident. Ensure incident updates or contact with end users are performed in a timely manner and documented accordingly and that case hand-off processes are completed as appropriate, such as completing / verifying shift logs
• When requested, assist in training and onboarding of new team members to help their transition to our processes
• Develop and apply subject matter expertise in security operations processes to assist in driving improvements to relevant playbooks, Standard Operating Procedures (SOPs), and training materials
• Support management's overall strategy for CFC by participating in execution of improvement initiatives in conjunction with management's plans
• Assist the team Leads and management on use case development by suggesting enhancement or tuning of use cases to improve the security posture of Experian

Successful candidate is required to work on 12 hours rotational shift.

What We Offer

• Hybrid work model
• 20 days of annual leave
• Comprehensive medical and hospitalization coverage (including dependents)

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Education and Professional Experience:

• 3+ years or equivalent of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams
• Bachelor's degree in computer science, Computer Engineering, Information Systems, Information Security, or a related field. 6+ years or more experience working within a Security Operations Center, Incident Response Team, law enforcement, or military experience may be accepted in lieu of this requirement.
• One or more professional, currently-held certifications related to Digital Forensics, Incident Response, or Ethical Hacking highly preferred (e.g., GCIH, GMON, GCED, GSOC, CEH, GCFE, GCFA, CFCE, ENCE). Information security management certifications (CISSP, CISM) or vendor-specific certifications are a plus.

Technical Knowledge and Skills:

• Demonstrate working knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.
• Demonstrated knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs), as well as common industry practices to investigate and respond to threats including phishing, malware, network attacks, suspicious activity, data security incidents, etc.
• Demonstrated proficiency in determining appropriate methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future.
• Possesses an understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow, etc.), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls, etc.)
• Ability to review and interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
• Experience with common Incident Response and Security Monitoring applications such as SIEM (e.g., Qradar, Splunk), EDR (e.g., FireEye HX, CrowdStrike Falcon, Microsoft Defender, etc.); experience with Security Orchestration, Automation, and Response (SOAR) technologies such as Palo Alto XSOAR and Google Secops (Chronicle) are a plus
• Actively seeks to build advanced technical skills and hands-on knowledge in areas such as:
  • In-depth packet analysis skills, core forensic familiarity, incident response skills, public could security practices, and data fusion skills based on multiple security data sources
  • Security analysis and architecture of Azure and AWS cloud environment using security tools including Defender for Cloud, Wiz, GuardDuty, CloudTrail, or CloudWatch.
  • System administration on Unix, Linux, or Windows
  • Network forensics, logging, and event management
  • Defensive network infrastructure (operations or engineering)
  • Vulnerability assessment and penetration testing concepts
  • Malware analysis concepts, techniques, and reverse engineering
  • In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners) and continuously improve these skills
  • Security monitoring technologies, such as SIEM, IPS/IDS, UEBA, DLP, among others
  • Scripting and automation

Behavioral Skills

• Demonstrate critical thinking skills, problem solving, analytical expertise, attention to detail, and the ability to function in a team-oriented, fast-paced, dynamic, global environment.
• Strong written and verbal communication skills including the ability to describe findings, concerns and/or required actions to users, teams, or leadership for potential incidents. The ability to explain technical terminology to the lay person is frequently required.
• Proven record of improving the way work is performed, originating action and ideas to drive enhancements to existing conditions and processes.
• Ability to conduct security incident investigation efforts and effectively coordinate communications
• Self-motivated and able to work with little supervision.
• Ability to participate in paid overtime when operational needs may require additional support

Our uniqueness is that we truly celebrate yours. Experian's culture and people are key differentiators. We take our people agenda very seriously and focus on what truly matters; DEI, work/life balance, development, authenticity, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian's strong people first approach is award winning; Great Place To Work™ in 24 countries, FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars) to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

# LI-Hybrid

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here