CUSHMAN & WAKEFIELD OF ILLINOIS Security Operations Analyst in Saint Louis, Missouri
JOB DESCRIPTION SUMMARY

The Security Operations Analyst is responsible for understanding and responding to threats to the security of all information, networks, and computer systems, whether on-prem or cloud. The individual taking the role will monitor a variety of services and tools, including the Managed Security Service, the firewalls, third-party sensor/detector/rating services, internal account activity tools, and threat information services, in order to predict, detect, and diagnose threat activity, and direct or participate in containment, eradication, and restoration activities in collaboration with other teams in the IT organization and the business. They will also be responsible for contributing to the vulnerability management program by helping to identify, track, and remediate threats in the global enterprise environment.

JOB DESCRIPTION RESPONSIBILITIES

* Acquire and maintain an understanding of the architecture of CandW Technology, both on-prem and in the cloud, and its operation, necessary for meeting all other responsibilities.
* Acquire and maintain an understanding of the company, and particularly the IT organization (GTS), necessary for effective collaboration in meeting all other responsibilities.
* Follow a comprehensive approach to management of cyber threats, both external and internal, for both client-facing applications and networks, and internal applications and networks.
* Monitor the firewalls (Palo Alto and legacy Cisco, Juniper, and others), network monitoring tools, the SEP Manager, the Managed Security Service, and other such tools for unusual activity.
* Develop awareness of normal network and system behavior, and detect and diagnose abnormal behavior.
* Triage incoming Company and Wakefield MSS issues: initial assessment and prioritization of the event, initial determination of incident to determine risk and damage, or appropriate routing of security or privacy data request.
* Engage, drive, or participate in the Service Management incident response process to drive containment, eradication, and restoration for small security threats; for more complex threats, engage, drive, or participate in the Security Incident Response Process, as defined in the playbooks, to contain and eradicate threats and restore the normal operations that existed prior to the threats' effects, working with the Service Management Team and others, including Security, Legal, HR, and various other corporate functions and service lines.
* Recommend improvements to or rewrite the Incident Response Playbooks.
* Participate in root cause analyses of major security incidents.
* Draft After-Action Reports (AAR) on Company and Wakefield incidents to analyze patterns, techniques, and data to develop sector-specific intelligence to better defend Company and Wakefield assets and protect client assets.
* Identify and present tactical improvement ideas for incident response, investigation, and threat management, as well as support for general team operations, to the leadership team for approval and action.
* Support Penetration Testing exercises.
* Track and analyze reported vulnerabilities and mitigation actions by systems owners to identify defensive gaps, areas requiring increased attention, and areas for improvement.
* Review and triage incoming vulnerability reports.

* Regularly use hands to operate office machinery including, but not limited to, telephones, computers, fax, and photocopy machines.
* Regularly required to walk, talk, and hear.

Cushman and Wakefield is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

Employer's Job# R26756

Please visit job URL for more information about this opening and to view EOE statement.