Lead Security Analyst - Incident Response

About The Position

Requirements

• 7-10+ years in Information Security.
• 5+ years in Incident Response.
• Strong analytical skills including the ability to assess the severity and impact of a security incident.
• High level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors.
• Demonstrated ability to collaborate effectively with operational teams internally and with a third-party Managed Security Services Provider (MSSP).
• Excellent investigative skills, insatiable curiosity, and an innate drive to win.
• Instinctive and creative, with an ability to think like the enemy.
• Ability to demonstrate strong computer knowledge of network protocols, desktops, servers, cloud and software as a service technology.
• Experience with Security Information and Event Management (SIEM) platforms, next generation firewalls, email security platforms, Endpoint detection and response technologies, Data Loss Prevention Software, Web Proxies, and Web Application Firewalls.
• Familiarity with common scripting languages like Python and/or Powershell.
• Familiarity with commonly deployed information technology resources including email, web, network, workstation and servers.
• Strong problem-solving and trouble-shooting skills.
• Self-motivated and able to work independently.
• Strong written and verbal communication skills.

Responsibilities

• Perform cybersecurity incident response including security event analysis, incident handling, reporting, and threat analysis.
• Analyze and triage events, anomalies, and incidents to ensure appropriate identification of risk to company systems and information.
• Lead, oversee and participate in the forensic analysis of cybersecurity incidents.
• Communicate and coordinate response efforts including working with the third-party MSSP, Information Technology teams, Business Leaders, Legal, Chief Security Officer and other Third Parties.
• Prepare situation reports, escalate to leadership, and perform root cause analysis.
• Develop and report KPI's to enable continuous improvement of information security risk management controls.
• Share lessons learned from incident response and threat hunting to strengthen detection and response capabilities.
• Model insider and external threats to Campbell's systems and data.
• Assess existing detection and response capabilities and provide recommendations for improvement.
• Leverage security orchestration (SOAR) to automate security response procedures.
• Maintain and enhance security monitoring and incident response procedural documentation.
• Partner with the third-party MSSP to develop KPI's for management.
• Validate the efficacy of security monitoring through attack simulation and purple team testing.
• Leverage lessons learned, threat modelling and emerging industry better practice to analyze the effectiveness of the existing program.
• Partner with Security Business Analysts, Security Architects to identify security logging and monitoring requirements for new initiatives.
• Proactively seek to uncover indicators of compromise that will identify whether Campbell's systems have been breached.
• Collect and aggregate threat intelligence from a wide variety of sources and assess for relevance to Campbell's environment.
• Create hypotheses for analytics and testing of threat data.
• Partner with the third-party MSSP, Threat Intelligence firms and other parties to identify threats that may impact Campbell.

Benefits

• Medical, dental, short and long-term disability, AD&D, and life insurance.
• Matching 401(k) plan with immediate vesting.
• Unlimited sick time along with paid time off and holiday pay.
• Free access to the fitness center at WHQ.
• Access to on-site day care (operated by Bright Horizons) and company store.
• Employee donations and/or volunteer activity matching program up to $1,500 annually.
• Variety of Employee Resource Groups (ERGs) to support employees.