Lead Cybersecurity Analyst
Discover. A more rewarding way to work.
At Discover Financial Services, you’ll find yourself in the company of some of the industry’s smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.
Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
The Discover Security Intelligence & Incident Response Team (SIIRT) is looking for qualified security analysts to join our ranks. Comprised of several sub-teams, Discovers SIIRT group oversees all information security detection, response, and intelligence efforts for the enterprise.
SIIRT currently has an opening on one of our newest teams. This highly specialized team of skilled analysts serves as experts in creating detective tools and logic for our Security Operations Center (SOC) and related enterprise teams. Our primary mission is to enable our analysts to efficiently find, triage, and analyze potential security incidents and related items of concern. To achieve these goals, we have a wide variety of tools, techniques, and datasets at our disposal. We utilize an innovative blend of commercial and home-grown solutions to ensure the best possible tools are deployed to meet our analysts needs.
As we continue to build out our detective tools and capabilities, were looking for talented, self-motivated, and experienced professionals who have a strong passion for designing and deploying solutions to hunt down and identify anomalous and malicious activity. Were interested in people who enjoy being challenged on a daily basis to stay one step ahead of an ever-changing landscape of threats and adversaries. Whether you are a seasoned SOC analyst or a security engineer in search of a unique and exciting challenge, were looking for new team members to join us in guarding our enterprise as the last and ultimate line of defense.
Responsibility of the role is as an active participant in developing the Cybersecurity roadmap, and delivering secure systems, cyber applications, technical projects and regulatory and risk requirements. This includes Cybersecurity framework, program optimization, vulnerability remediation, metrics reporting, performance analysis, and mitigation of operational risk in a high velocity culture. Requires high-level critical thinking to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, or threats.
- Building and maintaining custom security detection logic to analyze and correlate information to produce meaningful, actionable results
- Tuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibility
- Creation of visualizations and telemetry to accurately depict operational status and increase situational awareness
- Data mining of log sources to uncover anomalous activity, along with related items of interest
- Maintaining documentation of tools, logic, policies, and procedures
- Serving as a lead on team projects and providing guidance to more junior team members
- Acting as a representative of the team for larger company projects and initiatives
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription-threat intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and take appropriate action to report each incident, as required. Analyzes the organization’s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.
- Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.
- Maintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
- Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives, and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.
At a minimum, here’s what we need from you:
- Bachelor’s Degree in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- 4+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- In lieu of a degree, 6+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
If we had our say, we’d also look for:
- Prior experience detecting, analyzing and/or responding to security incidents
- Prior experience developing custom SIEM rules
- Experience with Endpoint Detection & Response Solutions
- Experience with the Splunk Query Language (SPL)
- Experience writing Regular Expressions
- Experience with logging, continuous monitoring, and auditing in the cloud
- Knowledge of common security threats, attack vectors, vulnerabilities and exploits
- Working knowledge of common operating systems and basic endpoint security principles
- Knowledge of common networking services and protocols
- Ability to participate in an on-call rotation
- Hands-on experience with common security technologies (SIEM, UEBA, IDS, Firewall, WAF, etc.)
- Hands-on experience implementing cloud security in either AWS or Azure
- Knowledge of OWASP, MITRE ATT&CK, and SANS Critical Controls
- Previous experience with big data analytics (Splunk, Hadoop, ELK Stack, etc)
- Preferred certifications: GIAC (GCIA, GCIH, GSEC, GPEN, GREM, etc.), OSCP, CEH, etc.
What are you waiting for? Apply today!
And by the way, while you’re waiting to hear from us, don’t forget to check out the great benefits Discover offers.
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer ( EEO is the law ). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other characteristic protected by federal, state, or local law in consideration for a career at Discover.
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.
So, what are you waiting for? Apply today!