Principal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst

$165,100 - $188,500/Yr

Capital One - San Francisco, CA

posted 5 months ago

Full-time - Mid Level
San Francisco, CA
10,001+ employees
Credit Intermediation and Related Activities

About the position

The Cyber Security Operation Center (CSOC) Fusion team at Capital One plays a critical role in synthesizing multi-source security alerting, intrusion investigations, cyber intelligence, and business information into actionable analysis. This position is designed for a Principal Associate who will lead technical efforts to proactively identify threats and work collaboratively across the CSOC operations. The Fusion team is responsible for providing time-sensitive analysis that empowers fellow CSOC operators in defending the network and enables leadership to make informed decisions regarding cyber threats. In this role, the associate will be tasked with conducting internal threat landscape analysis, driving cross-team initiatives to enhance detection and security, and finding innovative ways to automate analysis processes. The associate will also mentor and train other associates in executing fusion analysis responsibilities, ensuring that the team is well-equipped to handle the evolving landscape of cyber threats. The responsibilities include supporting day-to-day cybersecurity threat detection and incident response operations, identifying and enhancing processes for automation, leveraging Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools, and deconstructing multi-source reporting into actionable intelligence. The associate will also analyze malware reports, develop expertise on the Capital One threat landscape, and build relationships with partner teams to enhance collaboration and effectiveness in threat detection and response.

Responsibilities

  • Support day-to-day cybersecurity threat detection and incident response operations through indicator pivoting, campaign analysis, and tactical intelligence.
  • Identify and enhance processes where automation has the potential to improve efficiencies, provide actionable data, and facilitate collaboration across CSOC.
  • Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows.
  • Deconstruct multi-source reporting into actionable intelligence including Tactics, Techniques, and Procedures (TTPs) data objects, campaign analysis, and threat patterns.
  • Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository.
  • Develop expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics to clearly communicate the Capital One threat landscape to senior executives.
  • Proactively build and maintain relationships with partner teams, including Cyber Intelligence, Red Team, Insider Threat, and Hunt teams.
  • Conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment.
  • Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk, including blocking of malicious indicators, tuning vendor signatures, and instrumenting custom detection rules.
  • Support the tactical intelligence-to-detection pipeline, including malware reverse engineering, TTP analysis, and association mapping in a TIP (threat intelligence platform) for future pivoting.
  • Attend conferences and briefings to stay current on threats against both Capital One and the Financial Services sector.
  • Mentor other CSOC analysts in project execution and tactical upskilling; conduct brown bag lunches to teach specialized skill sets.

Requirements

  • High School Diploma, GED or Equivalent Certification.
  • At least 4 years of experience in cyber security or information technology.
  • At least 3 years of experience working in a Security Operations Center (SOC).
  • At least 3 years of experience analyzing and tracking Advanced Persistent Threats (APT) groups.
  • At least 3 years of experience conducting threat hunting.
  • At least 3 years of experience conducting fusion intelligence analysis.
  • At least 3 years of experience with Threat Intelligence Platforms (TIPs), Security Orchestration, Automation, Response (SOAR) or Security Information and Event Management (SIEM) tools.
  • At least 1 year of malware analysis (static or dynamic) experience.
  • At least 1 year of Tactics, Techniques, and Procedures (TTP) analysis experience.

Nice-to-haves

  • Bachelor's Degree.
  • Professional certifications (CompTIA Sec+, CISSP, CEH or SANs).
  • 3+ years of experience creating detection signatures for endpoint, network or cloud platforms.
  • 3+ years of experience in a cloud environment (Amazon Web Services, Google Cloud Platform or Microsoft Azure).
  • 3+ years of experience in written and verbal briefings.
  • 4+ years of experience with cyber threat intelligence analysis and tactical analysis.
  • 3+ years of experience utilizing the MITRE ATT&CK framework, Diamond Model, or Cyber Kill Chain.

Benefits

  • Health insurance
  • Comprehensive health, financial and other benefits that support total well-being.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service