Lead Cyber Defense Analyst - Remote

Company Description

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Description

As a Cyber Defense Lead, you will join Experian's Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian's broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection.

• Monitor the daily operations of the team, being the primary liaison between analysts and leadership
• Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis)
• Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises
• Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk
• Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks
• Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned
• Ensure incident updates are performed, documented and that case hand-off processes are completed
• Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management
• Lead the development of relevant Standard Operating Procedures (SOPs), and training materials
• Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments

• 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead
• Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field.
• History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause
• 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE)
• Information security management certifications (CISSP, CISM)
• Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain
• Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)
• Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender)
• Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle)
• Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch.
• Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes.
• Abvailable to work outside of normal work hours to respond to cybersecurity incidents

• Great compensation package and bonus plan
• Core benefits including medical, dental, vision, and matching 401K
• Flexible work environment, ability to work remote, hybrid or in-office
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays
• Explore all our exciting benefits here: https://yourexperianbenefits.com/cand-index.html