Overview:
Welcome to the Cybersecurity Incident Response & Operations team (CSIRT) at Chick-fil-A. We are a dedicated group focused on identifying and responding to cyber threats against our organization. As a Senior Lead Cybersecurity Analyst, you will apply your technical experience to help build and maintain capabilities around monitoring, detecting, and responding to cybersecurity threats, serving as a technical lead and subject matter expert on the team, and helping shape our team's efforts across the business.
Our Flexible Future model offers a healthy mix of working in person and virtually, strengthening key elements of the Chick-fil-A culture by fostering collaboration and community.
Responsibilities:
- Triage and respond to security events and incidents from various sources, primarily coordinating with your peers through our SOAR platform.
-
Partner with groups outside of Cybersecurity on triage and response efforts as needed for security events and incidents.
-
Identify and propose new technologies, methodologies, and/or approaches to detecting malicious activity.
-
Collaborate with peers on threat hunting and data analytics strategy and capabilities.
-
Contribute to the maintenance of a SIEM solution through defect fixes, content updates, and new use-case development.
-
Contribute to the maintenance of a SOAR solution through content updates and new use-case development.
-
Contribute to the maintenance of anti-phishing preventative platforms through new detection and triage rule development.
-
Collaborate with external security partners on detection and response to cyber threats.
-
Research threat landscape and trends to adapt our capabilities to keep pace with malicious actors.
-
Provide investigation findings to relevant business units to help improve cybersecurity posture.
-
Identify and conduct operational intelligence analysis to identify process and capability improvement opportunities for the CSIRT team.
-
Represent CSIRT team’s perspective and objectives in consultant-like collaborative efforts with Cybersecurity peers and colleagues in DTT.
-
Participate in threat modeling collaboration with other members of the cybersecurity team.
Minimum Qualifications:
- Strong understanding of cybersecurity principles, practices, and technologies.
-
Proficiency in using security tools such as SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and anti-phishing platforms.
-
Experience in threat hunting, incident response, and forensic analysis.
-
Knowledge of networking protocols, operating systems, and cloud environments.
-
Familiarity with programming languages like Python, PowerShell, or scripting for automation.
-
Ability to analyze security events, incidents, and trends to identify threats and vulnerabilities.
-
Strong problem-solving skills to investigate and resolve complex cybersecurity issues.
-
Aptitude for researching and staying updated on the latest cybersecurity threats and trends.
-
Strong communication skills to articulate technical concepts to non-technical stakeholders and present findings to business units.
-
Flexibility to adapt to evolving cybersecurity threats and technologies.
Preferred Qualifications:
- Experience with Palo Alto Cortex XSOAR
-
Experience with Splunk Enterprise Security
-
Experience with Sublime Security
-
Experience with DataDog
-
Experience with AWS Cloud Services
-
Experience detecting and responding to threats in Kubernetes environments.
-
OSCP, GSEC, GCED, GCIH, CISSP, GMON
Minimum Years of Experience: 5 Required Level of Education: High School Preferred Level of Education: Bachelor's Degree