About the job
Sr Analyst
1.0 Overview
The Senior Cyber Security Intelligence Analyst will support the Cyber Security Department with the identification and investigation of computer network intrusions and with other assignments that advance the cyber investigation and response practice. The role is also responsible for supporting the development of Incident Response (IR) tools, IR and cyber security protocols, and advanced network intrusion detection protocols, and for information and intelligence sharing with the INFOSEC office.
2.0 Responsibilities
Investigate network intrusions and other cyber security breaches to determine the cause and extent of the breach.
Research, develop, and recommend hardware and software needed for Incident Response and develop policies and procedures to analyze malware.
Participate in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cyber security and preparedness.
Collaborate with the Director of Cyber Security and INFOSEC to facilitate an effective IR program.
Prepare, write, and present reports and briefings.
Thoroughly investigate instances of malicious code to determine attack vector and payload.
Develop high-performance, low-false-positive, signature-based network-level and malware detection schemes.
Participate in special forensic investigations as required, including the collection and preservation of electronic evidence.
Preserve and analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
Preserve, harvest, and process electronic data as necessary, according to the department’s policies and practices.
Triage and track potential threats and alerts from multiple sources, and spot trends.
Create filters, reports, dashboards, and alerts to surface potentially unwanted activity.
Create new and update existing playbooks and runbooks, working with multi-functional team members to maintain high-quality work products.
Conduct and document the incident life cycle, managing and coordinating security incidents, escalating, and providing other support.
Create or propose automated tooling or streamlined processes to quickly tackle incidents and issues as they arise.
Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats.
Develop creative new approaches to accelerate threat detection, response, and remediation of security incidents in a global organization.
Participate in each pillar of security through mentorship, training, and project opportunities.
Detect, respond to, investigate, and remediate security events in an enterprise environment.
Develop, implement, and automate strategies, applying best practices and threat intelligence to tune tools and rules for detecting and remediating malicious activity.
Strategically define and implement additional detective capabilities or data sources to improve telemetry.
Create and investigate alerts from detective telemetry and tune rules to increase fidelity, leveraging frameworks such as the MITRE ATT&CK matrix.
Perform retrospective analysis using network, host, memory, and other artifacts from multiple operating systems and applications.
Serve as the analyst SME for security tools deployed across the organization.
Provide in-depth analysis of security alerts and make recommendations to improve security posture.
Monitor external data sources (e.g. cyber defense vendor sites, CERT) to remain current with threat conditions and determine which security issues may have an impact on the enterprise.
Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Support the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats.
Partner with security teams to provide guidance and support in implementing new projects.
Participate in global security or IT projects ensuring security operations goals are met.
Periodically review the incident response process and propose improvements.
Identify and monitor relevant operational metrics.
3.0 Qualifications
5-7 years in an enterprise security or threat analyst role.
Experience tuning, improving, and devising new ways to collect signal, reduce noise, and identify suspicious events in corporate and SaaS environments; experience using Splunk a plus.
Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
Experience applying threat intelligence to operational capabilities for improved detective capability
Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
Strong communication and collaboration skills
Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem-solving abilities.
Understanding of basic forensic processes and procedures and open to developing these skills
Ability to anticipate and respond to changing priorities and to operate effectively in a dynamic, demand-driven environment that requires a high degree of flexibility and responsiveness to business unit needs.
Evening and weekend hours may be required.
An investigative mindset and an interest in furthering your career in security engineering or analysis
Flexibility in adapting previous experience to fit the needs and culture of our unique team
Experience analyzing events or incidents to triage the issue or find the root cause
Ability to translate inbound triage requests into actionable, team-specific work items and repeatable runbooks
User or customer support experience, working with users to understand the issues presented
Self-motivated with the ability to work independently
Deep knowledge of security operations tools – SIEM, endpoint security tools, intrusion detection systems.
Good understanding of security processes and SOC activities
Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
Experience conducting malware analysis
Knowledge of computer forensic best practices and industry standard methodologies for acquiring and handling of digital evidence.
Maintain proficiency in technical tools, countermeasures, and techniques.
Identify both tactical and strategic solutions.
Work independently and in a cross functional team.
Experience teaching and mentoring others in technical and analytical skills.
Broad knowledge of operational and security processes/controls (e.g. vulnerability management, patch management, etc.).
Wynn Resorts is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Wynn Resorts does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.
More Information
- Address Las Vegas, NV, USA
- Salary Offer $100,000 and up
- Experience Level Senior
- Total Years Experience 5-10