Principal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst

$165,100 - $188,500/Yr

Capital One - McLean, VA

posted 4 months ago

Full-time - Mid Level
McLean, VA
Credit Intermediation and Related Activities

About the position

The Cyber Security Operation Center Fusion team at Capital One plays a critical role in synthesizing multi-source security alerting, intrusion investigations, cyber intelligence, and business information into actionable analysis. This time-sensitive analysis is essential for empowering fellow CSOC operators in defending the network and enabling leadership to make informed decisions in the face of cyber threats. As a Principal Associate, the individual will serve as a technical team leader, proactively identifying threats and collaborating across the SOC CSOC operations with contextualized tactical intelligence. This role involves driving cross-team initiatives aimed at improving detection and security, conducting internal threat landscape analysis, and innovating new methods to automate analysis processes. Additionally, the associate will mentor and train other associates in executing fusion analysis responsibilities. In this position, the associate will support day-to-day cybersecurity threat detection and incident response operations through various methods, including indicator pivoting, campaign analysis, and tactical intelligence. They will identify and enhance processes where automation can improve efficiencies, provide actionable data, and facilitate collaboration across the CSOC. Utilizing Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools, the associate will identify threat patterns, enrich investigations, and build automation-supported workflows. The role also requires deconstructing multi-source reporting into actionable intelligence, including Tactics, Techniques, and Procedures (TTPs) data objects, campaign analysis, and threat patterns. The associate will regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository. Developing expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics is crucial for effectively communicating the threat landscape to senior executives, including the Chief Information Security Officer and Chief Information Officer. Building and maintaining relationships with partner teams, such as Cyber Intelligence, Red Team, Insider Threat, and Hunt teams, is also a key responsibility. The associate will conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment, while routinely identifying gaps in detection and collaborating with teams across the Cyber organization to mitigate risks. This includes blocking malicious indicators, tuning vendor signatures, and instrumenting custom detection rules. The role supports the tactical intelligence-to-detection pipeline, including malware reverse engineering, TTP analysis, and association mapping in a Threat Intelligence Platform (TIP) for future pivoting. The associate will also attend conferences and briefings to stay current on threats against both Capital One and the Financial Services sector, while mentoring other CSOC analysts in project execution and tactical upskilling through initiatives like brown bag lunches to teach specialized skill sets.

Responsibilities

  • Support day-to-day cybersecurity threat detection and incident response operations through indicator pivoting, campaign analysis, and tactical intelligence.
  • Identify and enhance processes where automation has the potential to improve efficiencies, provide actionable data, and facilitate collaboration across CSOC.
  • Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows.
  • Deconstruct multi-source reporting into actionable intelligence including Tactics, Techniques, and Procedures (TTPs) data objects, campaign analysis, and threat patterns.
  • Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository.
  • Develop expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics to communicate the threat landscape to senior executives.
  • Proactively build and maintain relationships with partner teams, including Cyber Intelligence, Red Team, Insider Threat, and Hunt teams.
  • Conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment.
  • Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk.
  • Support the tactical intelligence-to-detection pipeline, including malware reverse engineering, TTP analysis, and association mapping in a TIP for future pivoting.
  • Attend conferences and briefings to stay current on threats against both Capital One and the Financial Services sector.
  • Mentor other CSOC analysts in project execution and tactical upskilling.

Requirements

  • High School Diploma, GED or Equivalent Certification.
  • At least 4 years of experience in cyber security or information technology.
  • At least 3 years of experience working in a Security Operations Center (SOC).
  • At least 3 years of experience analyzing and tracking Advanced Persistent Threats (APT) groups.
  • At least 3 years of experience conducting threat hunting.
  • At least 3 years of experience conducting fusion intelligence analysis.
  • At least 3 years of experience with Threat Intelligence Platforms (TIPs), Security Orchestration, Automation, Response (SOAR) or Security Information and Event Management (SIEM) tools.
  • At least 1 year of malware analysis (static or dynamic) experience.
  • At least 1 year of Tactics, Techniques, and Procedures (TTP) analysis experience.

Nice-to-haves

  • Bachelor's Degree.
  • Professional certifications (CompTIA Sec+, CISSP, CEH or SANs).
  • 3+ years of experience creating detection signatures for endpoint, network or cloud platforms.
  • 3+ years of experience in a cloud environment (Amazon Web Services, Google Cloud Platform or Microsoft Azure).
  • 3+ years of experience in written and verbal briefings.
  • 4+ years of experience with cyber threat intelligence analysis and tactical analysis.
  • 3+ years of experience utilizing the MITRE ATT&CK framework, Diamond Model, or Cyber Kill Chain.

Benefits

  • Comprehensive health insurance coverage.
  • Financial benefits including performance-based incentive compensation, which may include cash bonuses and/or long-term incentives.
  • Support for total well-being through various health, financial, and other benefits.
  • Eligibility for benefits varies based on full or part-time status, exempt or non-exempt status, and management level.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service