Senior Principal Cybersecurity Analyst, CAT

About The Position

Requirements

• Bachelor’s degree in computer science, computer engineering, cybersecurity, or technical field preferred and a minimum of eight (8) years of related experience.
• Experience in multiple cybersecurity domains appropriate to the job description, including designing, implementing, operating, monitoring, and assessing security controls for cloud-based systems such as AWS required.
• Substantial experience designing, implementing, and operating a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and manage remediation strategies and countermeasures.
• Understanding of common cybersecurity vulnerabilities and attack patterns and ability to explain how they are both exploited and countered.
• Must demonstrate intellectual curiosity and attention to detail, with strong verbal and written communication skills

Nice To Haves

• Hands-on coding experience desired, especially as applied to creating tools and automation to customize, optimize, and enhance security controls.
• Experience supporting compliance with security frameworks, especially NIST 800, desirable.

Responsibilities

• Implement and operate cybersecurity controls, processes, and automation across multiple cybersecurity subdomains.
• Ensure security controls are well designed, effectively implemented, and aligned with organizational policies.
• Design and implement automated solutions for efficiently managing cybersecurity risk.
• Perform Threat Detection and Response in a Splunk-based environment.
• Detect cybersecurity threats, evaluate risks, and respond in accordance with policies, procedures, and best practices.
• Maintain knowledge of evolving cybersecurity control offerings and best practices; drive, recommend, and implement enhancements.
• Identify and manage cybersecurity risks including vulnerabilities, configuration defects, and other deficiencies to determine root cause.
• Manage remediation strategies and countermeasures.
• Effectively communicate risks and state of controls to stakeholders including the Chief Information Security Officer (CISO).
• Define, enforce, and promote information security policies and related governance artifacts and processes.

Benefits

• Employees may be eligible for a discretionary bonus in addition to base pay.
• Non-exempt employees are also eligible for overtime pay in accordance with federal, state, or local law.
• FINRA provides comprehensive health, dental and vision insurance. Additional insurance includes basic life, accidental death and dismemberment, supplemental life, spouse/domestic partner and dependent life, and spouse/domestic partner and dependent accidental death and dismemberment, short- and long-term disability, long-term care, business travel accident, disability and legal.
• FINRA offers immediate participation and vesting in a 401(k) plan with company match and eligibility for participation in an additional FINRA-funded retirement contribution, tuition reimbursement, commuter benefits, and other benefits that support employee wellness, such as adoption assistance, backup family care, surrogacy benefits, employee assistance, and wellness programs.
• Time Off and Paid Leave FINRA encourages its employees to focus on their health and wellness in many ways, including through a generous time-off program of 15 days of paid time off, 5 personal days and 9 sick days, unless otherwise required by law (all pro-rated in the first year). Additionally, we are proud to support our communities by providing two volunteer service days (based on full-time schedule). Other paid leave includes military leave, jury duty leave, bereavement leave, voting and election official leave for federal, state or local primary and general elections, care of a family member leave (available after 90 days of employment); and childbirth and parental leave (available after 90 days of employment). Full-time employees receive nine paid holidays.