Macquarie Group

Senior Cyber Threat Defense Analyst

3+ months ago, Houston, TX

Join Macquarie's Senior Cyber Threat Incident Response (CTIR) team based in our Houston office as a Cyber Threat Defense Analyst.

In this role, you will be working alongside a diverse team in multiple offices around the globe and be responsible for detecting, identifying, triaging, and mitigating threats and risks in our global cyber environment. You will also act to ensure that Macquarie's digital estate is protected from threats both known and unknown.

Your first-class technical skills are required to continuously identify, assess, and manage threats relative to the corporate risk appetite by leveraging technology and your experience to analyze data. Experience in log aggregation and analysis will be crucial in detecting and triaging potential or active security incidents.

Using your attention to detail and data-driven approach, you will act as an expert for the CTIR function to provide leadership, focus, and accountability for CTIR activities.

Your understanding of cyber threat as a function of human motivation, combined with your experience in actively detecting and defending against that threat utilizing a combination of standard cyber tools and your own system/platform/network knowledge, will be highly beneficial in this role alongside your similarly skilled and experienced peers.

To be successful in this role you must have a minimum of 5 years of related operational experience in large enterprise environments, as well as operational experience across Windows, UNIX, networking and hosting domains. Experience and a strong understanding of security technology and defense topologies are imperative to be successful in this role.

What is the job?

  • Triage active alerts and campaigns for potential systemic threats to our global business
  • Review daily intelligence determining its applicability to the organization and take necessary defensive actions
  • Analyze latest malware discoveries/shifts to understand how/if it would be effective in the environment
  • Create new alerts and investigation methods in relation to the ever-changing threat landscape
  • Analyze attacks and trends facing the organization and industry to better define proactive defensive measures
  • Attribute malicious activities targeting Macquarie to threat actors and groups
  • Track, provide, and present analysis into observed attacks against Macquarie
  • Investigate threat actors and discover their infrastructure, motivations, and potential future actions
  • Take proactive actions to have observed brand impersonating and malicious sites removed
  • Discover internal security concerns and raise findings with the appropriate internal teams
  • Review processes, defense plane, technologies, and alerts in search of improvement
  • Proactively seek out suspicious activity and threats within the environment, act appropriately to contain and mitigate them
  • Analyze network traffic, both as logs and at the packet level
  • Perform real-time detection, analysis, and response to threats via an EDR tool

What the ideal candidate should know/have experience with:

  • Splunk or other large log aggregation system
  • An endpoint detection and response (EDR) platform
  • A Security Orchestration, Automation, and Response platform (SOAR)
  • Email gateway security controls
  • Analyzing emails (e.g. reading and understanding email headers and infrastructure)
  • Knowledge and experience decoding and deciphering malicious code
  • How to chase actors beyond these tools
  • Analytical mindset
  • Offensive Security/Adversarial mindset
  • Object oriented programming experience
  • Scripting language understanding (Python, PowerShell, etc.)
  • Malware analysis (manual, static, and dynamic)
  • Familiarity with cloud architectures
  • Identity and Access Management (IAM)
  • User and Entity Behavior Analytics (UBA/UEBA)
  • Familiarity with the MITRE ATT&CK framework

About the Corporate Operations Group

The Corporate Operations Group brings together specialist support services in Digital Transformation & Data, Technology, Market Operations, Human Resources, Business Services, Business Improvement & Strategy, and the Macquarie Group Foundation.

Our commitment to Diversity and Inclusion

The diversity of our people is one of our greatest strengths, and an inclusive workplace enables us to embrace that diversity to deliver more innovative and sustainable solutions for our people, clients, shareholders and communities. At Macquarie, you'll be encouraged to be yourself and supported to perform at your best. If you're inspired to deliver on our purpose of 'empowering people to innovate and invest for a better future', we want you on our team. If you need adjustments made to the recruitment process, please reach out to your recruiter.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, national origin, age, disability, protected veteran status, genetic information, marital status, gender identity or any other impermissible criterion or circumstance. Macquarie also takes affirmative action in support of its policy to hire and advance in employment of individuals who are minorities, women, protected veterans, and individuals with disabilities.

We equip our people with the support to work in a range of flexible ways. Talk to us about what working arrangements would help you thrive.