First American Financial - Elk Grove Village, IL

posted 2 months ago

Full-time - Mid Level
Remote - Elk Grove Village, IL
51-100 employees
Insurance Carriers and Related Activities

About the position

First American Bank, founded in Chicago, has expanded throughout Wisconsin and Florida, becoming the largest privately held bank in Illinois with over 60 locations and assets exceeding $5 billion. As a community bank with international expertise, we uphold traditional values while embracing a forward-looking philosophy. Our employees possess the experience and vision necessary to meet the needs of savers, borrowers, and businesses in the 21st century. We offer a unique level of visibility, career growth, and stability that is often hard to find in larger corporations. The Senior Information Security Operations Analyst plays a critical role in overseeing Security Operations to ensure the confidentiality of sensitive data and the implementation of proper systems and processes to protect against threats. This position requires outstanding problem-solving skills, meticulous attention to detail, and a solid understanding of cybersecurity and the specific requirements of the financial sector. The analyst will be responsible for analyzing a variety of network and host-based security logs, guiding remediation efforts, and administering antivirus activities and email gateway issues. Additionally, the analyst will assist with security-related software and firmware to maintain security and service continuity, participate in security incident response, and provide oversight of security alert detection and analysis capabilities. The role also involves identifying and analyzing new and emerging threats, processing Information Security due diligence requests, and evaluating improvements to the company's information systems control environment. The analyst will create and maintain dashboards for visibility of Information Security Governance activities and provide security recommendations to team members and stakeholders. 
Keeping up-to-date with the IT security industry, assessing system configurations, and participating in vulnerability assessments and security audits are also key responsibilities. The position requires a proactive approach to identifying potential Information Security risks and issues, along with the ability to communicate effectively with both internal and external contacts.

Responsibilities

  • Oversee Security Operations work carried out cross-functionally by first line control owners.
  • Analyze a variety of network and host-based security logs (Firewalls, NIDS, HIDS, Syslog) and guide remediation of gaps.
  • Administer, monitor, and guide troubleshooting antivirus activities and email gateway issues.
  • Assist with security-related software and firmware (e.g., endpoint, vulnerability scanners, firewalls, IPS/IDS, DNS, proxy) to maintain security and service continuity.
  • Assist with the resolution of security-related infrastructure issues.
  • Participate in security incident response through in-depth, technical (log, forensic, malware, packet) analysis.
  • Provide oversight of security alert detection and analysis capabilities across multiple technologies to ensure that security incidents are identified in a timely manner.
  • Escalate and support potential security incidents in line with appropriate processes.
  • Support communications of potential security incidents via multiple channels.
  • Participate in the response to potential security incidents by identifying and communicating relevant supplementary information.
  • Identify and analyze new and emerging threats to determine impacts to the Bank and provide guidelines and recommendations pertaining to opportunities to strengthen the Bank's security landscape across the defense layers.
  • Process Information Security due diligence requests and ensure compliance with policies, procedures, and regulations both internally and for third parties.
  • Evaluate and recommend improvements to the company's information systems control environment, risk management and Information Security audit processes to reduce duplicate audit requests.
  • Create and maintain dynamic dashboards and/or scorecard for visibility of Information Security Governance activities.
  • Provide security recommendations to other team members, management, and business stakeholders for solutions, enhancements to existing systems, and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Assess system configurations of company solutions as per the established baselines, for those security systems solutions that are partially or wholly operated by the InfoSec team.
  • Identify security requirements, based upon need or as the result of a security issue that puts the organization's systems at risk.
  • Participate in the monitoring of all in-place security solutions for efficient and appropriate operations.
  • Aid in the design and execution of vulnerability assessments, penetration tests and security audits.
  • Participate in the identification of security breaches detected by security systems, and in the tracking, investigation, and resolution of these incidents.

Requirements

  • A degree in Information Technology/Computer Information Systems or related field.
  • SANS, IA, GIAC, SSL, DHCP, DNS, SSCP, CISSP, CISA, CISM, CEH, Security+ and/or similar certifications are a plus.
  • Minimum eight years of experience supporting Information Security Operations, Threat Intelligence, Threat Modeling, and Security Incident Response.
  • Expert in detecting policy violations or security incidents using log management platforms and SIEM.
  • Expert in working with threat prevention and intrusion detection systems.
  • Well-rounded host and network security expertise.
  • Ability to script and automate repetitious tasks.
  • Experience with identity management platforms and protocols like SAML and OAuth to REST.
  • Security subject matter knowledge and experience in anti-virus, anti-SPAM, intrusion detection, encryption, and general security policy.
  • Proven experience in proactively identifying potential Information Security controls risks, issues, and opportunities through analytical thinking and offering sustainable recommendations that address root cause rather than symptoms.
  • Strong understanding of security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO, SANS control framework, 800-53, NIST CSF, CIS Top 20, FFIEC Cybersecurity Assessment tool, GLBA preferred.
  • Experience working in a highly regulated industry (financial services or health care) desired.
  • Familiarity with software development process and practice and banking technologies and applications a plus.
  • High level of personal integrity, and the ability to professionally handle confidential matters while exhibiting an appropriate level of judgment and maturity.
  • Ability to blend exceptional attention to detail with an ability to retain strategic direction within a rapidly evolving entrepreneurial business culture.
  • Ability to conduct research into security issues and products as required.
  • Strong team player yet self-motivated and able to make progress independently.
  • Highly organized with proven analytical and problem-solving abilities and the ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to effectively tailor the message appropriately to the audience and situation.
  • Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms.
  • Maintain professional standards relating to spelling and grammar.
  • Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
  • Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
  • High proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
  • Experience with administration and architecture for one or more infrastructure technologies (networking, Windows OS, Linux OS, Active Directory, PKI, etc.) required.
  • Working technical knowledge of several of the infrastructure technologies preferred (such as Active Directory, Server 2016 & 2019, Azure, O365, various AV products, and Vulnerability Management).
  • In-depth technical knowledge of and experience with one or more common security products and toolsets (firewalls, intrusion prevention systems, web-security content management, authentication services, SIEM, etc.) required.
  • Working technical knowledge of a wider cross-section of the common security products and toolsets.
  • Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows because of system upgrades.

Nice-to-haves

  • Experience working in a highly regulated industry (financial services or health care) desired.
  • Familiarity with software development process and practice and banking technologies and applications a plus.
© 2024 Teal Labs, Inc