FactSet is currently seeking an experienced Incident Response Analyst to join the growing global Cybersecurity team. The hire will be part of the global “Security Intel Center” team, which is primarily responsible for detecting & responding to the ever-evolving cybersecurity threats to the business & its assets. Areas of work include security event analysis, incident response, digital forensics, security control tuning, threat intelligence & hunting across the domains of network, endpoint & application security. The role will work closely with engineering teams on cross-functional projects throughout the organization & requires enthusiasm, curiosity, persistence, and a thirst for security knowledge.
Rotational Shifts: General Shift [9:30 AM – 6:30 PM]
- The role has a blend of operational & strategic responsibilities, with time split roughly 60% operational and 40% strategic.
- Triage, analyze & respond to SIEM events with articulate analysis and clear response guidance/questions to other partner teams through established collaboration mechanisms (Ticketing systems, IM platforms)
- Lead & respond to incidents identified/reported through established IR procedures & playbooks, and provide frequent executive summaries & detailed investigative reports to executive management.
- Perform digital forensics (collection, preservation, analysis & presentation) as required for investigations through existing tooling & process, while ensuring the integrity of the evidence collected.
- Develop & Conduct Tabletop exercises to cover incident scenarios that test & reinforce varied technical skills, procedures, business & domain knowledge.
- Proactively identify areas of improvement (procedural & technical), propose plans, collaborate with partners to get the plans implemented & report the KPIs aligned with the overall goal of increased visibility, detection & efficient response.
- Develop domain & business workflow knowledge around different systems/services (including cloud) to clearly understand the risk involved, threat model & create use cases that proactively detect Threats.
- Tune security controls to increase the true-positive rate while at the same time reducing false negatives & false positives.
- Develop comprehensive documentation & playbooks for different processes, workflows, controls & technologies, such that they can be efficiently consumed by the IR team during response.
- Identify automation opportunities & leverage the SOAR platform to develop & implement the automated playbooks for response.
- Effectively lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination.
- Own the operational queues, request prioritization, handovers, SLA adherence to achieve the agreed service levels.
- Collaborate with departmental leadership to align with established departmental/organizational roadmaps.
- Participate in the on-call rotation as per the schedule for any escalations outside business hours.