Lead Cybersecurity Analyst - CSIRT (Incident Response)

Target
Brooklyn Park, MN
Hybrid

About The Position

Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely, and reliably from the inside out.

As a Lead Cybersecurity Analyst on CSIRT, you will assist with leading the team as you assess information security events and incidents across the Target environment. In this role, you will use your expertise and problem-solving skills as you work among a team of skilled analysts to address complex problems within a 24x7 Cyber Fusion Center (CFC) environment. You will implement new processes and procedures as identified by the CSIRT and CFC Leadership to ensure continuous improvements for Target’s monitoring, detection, and mitigation capabilities. You will use your expert-level knowledge of Information Security to monitor SIEM and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises. You will lead internal training of CSIRT Analysts to ensure their continued education and growth as Analysts. You will maintain awareness of the global threat landscape by working with the Target Cyber Threat Intel team. You will review and guide requests from internal teams and will escalate information security events according to Target’s Cyber Security Incident Response Plan. Additionally, you will lead containment of threats and remediation of the environment during or after an incident. You’ll act as the leader during Cyber Hunt activities alongside Target’s Cyber Hunt Team. You will leverage your expert-level knowledge to write comprehensive reports of incident investigations. Job duties may change at any time due to business needs.
Note: This is a shift position on Shift 2 within CSIRT. The working hours for this role are Sunday through Wednesday, 12:30pm - 10:30pm CT. If you are applying for this role you acknowledge and accept the days and times of this role.

Requirements

  • 4-year degree, relevant certifications (e.g. GCFA, GREM, GEIR, 13Cubed), or equivalent experience
  • 5+ years' direct experience with Security Operations, Incident Response, or Digital Forensics
  • Thorough understanding of advanced security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
  • Expertise with host and network-based security tools (Velociraptor and Google SecOps preferred)
  • Expertise with network monitoring and SOAR use in a SOC environment
  • Ability to navigate ambiguity and develop working business relationships
  • Ability to demonstrate expert-level analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning
  • Demonstrates leadership skills that assist with driving desired outcomes
  • Excellent written and oral communication skills

Nice To Haves

  • Knowledge in malware analysis, memory forensics and cloud IR

Responsibilities

  • Assess information security events and incidents across the Target environment.
  • Collaborate and utilize problem-solving skills within a 24x7 Cyber Fusion Center (CFC) environment.
  • Implement new processes and procedures for continuous improvements in monitoring, detection, and mitigation capabilities.
  • Monitor SIEM and logging environments for security events and alerts.
  • Lead internal training of CSIRT Analysts.
  • Understand the global threat landscape by working with the Target Cyber Threat Intel team.
  • Review and guide requests from internal teams.
  • Escalate information security events according to Target’s Cyber Security Incident Response Plan.
  • Lead containment of threats and remediation of the environment during or after an incident.
  • Act as the leader during Cyber Hunt activities.
  • Write comprehensive reports of incident investigations.

Benefits

  • Medical insurance
  • Vision insurance
  • Dental insurance
  • Life insurance
  • 401(k)
  • Employee discount
  • Short term disability
  • Long term disability
  • Paid sick leave
  • Paid national holidays
  • Paid vacation

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Education Level: Associate degree
  • Number of Employees: 5,001-10,000 employees
