Sr. Threat Intelligence Analyst
Job ID: R-011920 | Date posted: 11/20/2020 | Primary Location: SC-Fort Mill
This person will play a critical role in our Cybersecurity operations team to ensure customer data is secure and private, and our systems are protected in the cloud. You will proactively detect cyber threats and security incidents as part of an integrated cyber security operations team. You will identify, analyze, and report threats within the cloud environment, using defensive measures and information collected from a variety of sources, to protect data and cloud service operations. You will execute penetration testing and vulnerability assessment on cloud services, and carry out critical cyber security operations activities: incident response, vulnerability management, analysis, threat hunting, event management and recovery.
Able to work across multiple applications, cloud providers and technology stacks to support an effective cybersecurity organization.
Provide hands-on technical expertise to design, engineer, deploy, and deliver secure Cloud services including driving improvements in technical architecture, standards and processes.
Experienced with SIEM, SOAR and other cloud cyber security tools such as Splunk, Alert Logic, Dome9.
- Work with engineering, compliance and other teams to own design and implementation of security related tools, components and services.
- Provide expert advice and consultancy to internal customers on risk assessment, threat modeling and fixing vulnerabilities.
- Evangelize security and be an advocate for customer trust.
- Develop training materials for general security awareness and specific security technology training.
- Work as an individual contributor responsible for protecting traditional networks and cloud environments. This role is focused on data analysis, event correlation and supporting the incident response team.
- Identification of and correlation with other data sources to enhance security event detection, monitoring and response capabilities.
- Provide analytic support of large scale and complex security incidents such as targeted attacks and network/system infiltration.
- Create and maintain informative technical and procedural documentation for various teams and stakeholders so that others can effectively understand and use the data products and tools.
- Work closely with a team of security/network subject matter experts and incident managers/analysts to understand the current environment.
- Develop data-driven risk criteria for prioritization of host-based security events.
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity and insider threats.
Essential Business Experience and Technical Skills:
- Bachelor's degree in computer science, related field, or equivalent work experience.
- 4-6 years of relevant experience.
- Experience with regular expressions and scripting languages, including Python or PowerShell.
- Experience with Windows Enterprise security or systems administration
- Experience with SIEM and SOC, including Qradar, Splunk ES, or ArcSight
- Experience conducting security reviews, threat models, and assessments for Cloud Solutions.
- Several years of cloud security experience including architecture and code reviews.
- Knowledge of threat modeling or other risk identification techniques
- Knowledge of application security vulnerabilities and remediation techniques
- Knowledge of network and web related protocols (e.g., TCP/IP, TLS, routing protocols)
- Demonstrated hands-on experience with AWS or Azure Cloud Security Services and Practices.
- Demonstrated hands-on experience with Identity and Access Management.
- Proficiency with Python (2 & 3), PowerShell, and Bash (other scripting/dev languages a plus, particularly JS);
- Strong knowledge of network protocols and various operating systems such as Windows and Unix
- Experience with data analytics and threat hunting, including ELK, Splunk, Apache Spark, or AWS Stack
- Experience with forensic tools, including FTK and Encase
- Experience with endpoint telemetry, including Carbon Black, HX, Falcon, or Endgame
- Experience with offensive tools, including Mimikatz, Metasploit, and Empire
- Ability to analyze malware, extract indicators, and create signatures
- Possession of excellent collaborative skills
- Security certifications: CISSP, CISM or GIAC preferred.
- Cyber Threat Hunting and Intelligence:
- React to Endpoint Detection and Response (EDR) alerts
- Perform threat hunting for malicious network activity leveraging an analytics platform
- Perform examination and triage for potential security incidents
- Manage sandbox malware detonation to assist with threat research
- Resolve cybersecurity incident tickets
- Extensive experience in Incident Response, Incident Handling and Security Operations
- Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats
- Perform investigation and escalation for sophisticated or high severity security threats or incidents
- Serve as an escalation resource and mentor for other analysts
- Advanced knowledge and expertise of using SIEM technologies for event investigation
- Work with other security partners developing and refining correlation rules
- Coordinate evidence/data gathering and documentation and review Security Incident reports
- Provide recommendations for improvements to client's Security Policy, Procedures, and Architecture based on operational insights
- Basic understanding of incident handling/incident response techniques within a cloud-based environment such as Google Cloud, Azure or AWS
- Define and assist in the creation of operational and executive reports
At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation’s leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.
We are one team on one mission. We take care of our advisors, so they can take care of their clients.
Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees. We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work.
Join the LPL team and help us make a difference by turning life's aspirations into financial realities. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.