Avant - Chicago, IL
posted 1 day ago
About the position
The Senior (Tier 2) CTOC Analyst is a key player in monitoring, analyzing, and responding to security events across the organization. This role involves handling complex incidents, conducting threat hunts, and supporting all phases of the incident response lifecycle. The Senior Analyst will also mentor junior analysts, providing day-to-day guidance on analysis techniques, tool utilization, and best practices for incident response to build a stronger, more resilient CTOC team. Additionally, this role includes managing moderately large projects, with minimal supervision, and employing creative problem-solving to address a wide variety of security challenges. Reporting to the CTOC Manager, you will collaborate with cross-functional teams and external partners, ensuring alignment with industry standards such as NIST, MITRE ATT&CK, and CIS Controls.
Responsibilities
- Actively monitor and respond to security alerts and incidents, conducting both initial triage and advanced analysis to assess escalation needs.
- Execute containment, eradication, and recovery actions for incidents, and conduct proactive threat hunting based on threat intelligence and dark web insights.
- Provide day-to-day mentorship to junior analysts, enhancing their technical skills, analysis techniques, and understanding of threat landscapes.
- Perform in-depth root cause analysis on security incidents, document findings comprehensively, and offer actionable insights to support cross-functional teams in decision-making.
- Leverage and optimize SIEM, EDR, and security orchestration tools to improve detection and response efficiency.
- Analyze and integrate threat actor tactics, techniques, and procedures (TTPs) into CTOC processes, focusing on high-priority threats such as ransomware, insider threats, and advanced persistent threats (APTs).
- Participate in information-sharing initiatives with peers, ISACs, and other partners to enhance situational awareness, improve response strategies, and strengthen collaboration.
- Assist in creating and refining incident response playbooks and SOPs, ensuring alignment with NIST CSF, CIS Controls, and other frameworks.
- Manage moderately large projects independently, from planning to execution, ensuring timely delivery of outcomes.
- Lead post-incident reviews to identify lessons learned, suggest process improvements, and drive changes that enhance future response capabilities.
Requirements
- 3-5 years in information security, preferably within a 24/7 CTOC or similar environment, monitoring cloud-native infrastructure.
- Proficiency with operational security controls such as SIEM platforms, EDR, IDS/IPS, DLP, and data analysis.
- Comprehensive understanding of cybersecurity principles, network protocols, and regulatory compliance (e.g., PCI, FTC Safeguards).
- Familiarity with frameworks such as MITRE ATT&CK, CIS Controls, and NIST CSF.
- Proven experience mentoring junior analysts, focusing on technical skill development and enhancing analytical thinking.
- GCED, GCIH, GCIA, CISSP, or equivalent certification(s) is preferred.
Nice-to-haves
- Ability to communicate complex security concepts clearly to stakeholders at all levels.
- Strong organizational skills, adaptability, and the ability to make sound decisions under pressure.
- Demonstrated integrity, commitment to continuous improvement, and the ability to handle a wide variety of issues creatively and independently.
Benefits
- Choice of great Medical, Dental, and Vision Insurance Plan options
- 401(k) Match
- Unlimited Paid Time Off
- Flexible Work Environment
- Generous Paid Parental Leave
- Lunch Allowance (Fooda) and In-office Snacks
- WFH Stipends for our Remote Employees
- Access to LinkedIn Learning for Professional Development
- No Meeting Wednesdays - (a.k.a. planned time to Get Sh!t Done)
- Summer Fridays
- Fun In-Office and Virtual Social Events
- And who doesn't love the swag
