About Gartner IT:
Join a world-class team of skilled engineers who build creative digital solutions to support our colleagues and clients. We make a broad organizational impact by delivering cutting-edge technology solutions that power Gartner. Gartner IT values its culture of nonstop innovation, an outcome-driven approach to success, and the notion that great ideas can come from anyone on the team.
About the role:
This is a new role, created to support Gartner’s growing Security Operations team. As a Lead Security Analyst, you will support the team across multiple disciplines, including Incident Response, Investigations, and project efforts to uplift our capabilities. You will help manage risk to Gartner’s reputation, customers and Information Technology by providing cyber security analysis and incident response expertise. You will play a key role in defending Gartner’s network and intellectual property. Our team is filled with lifelong learners who are consistently researching ways to better defend and stay ahead of the threats of tomorrow. We are also a collaborative, flexible group, where good ideas are brought forward and acted upon, whether they come from the most experienced or the newest members of the team.
What you will need:
• Demonstrated ability to promptly prioritize and analyze security events, enabling swift decisions on the appropriate course of action and initiating rapid response measures.
• Expertise in conducting and driving analysis and investigation of cybersecurity incidents.
• Experience articulating technical findings and creating detailed incident reports.
• Extensive experience leveraging security tools such as SIEM, EDR, web proxy and email security tools.
• Experience driving security projects from requirements gathering to successful completion.
• Hands-on experience with cloud environments (AWS, Azure, GCP) and performing investigations in them.
• Digital Forensics and Incident Response (DFIR) skills.
• Ability to query data using query languages such as SPL, SQL and KQL.
• Threat hunting experience or previous red/purple team experience (practical or lab based).
• Ability to communicate effectively, with excellent prioritization skills.
• Ability to automate tasks and code solutions to repetitive problems (Python, PowerShell, Bash).
What you will do:
• Conduct daily investigation of security events and incidents end to end.
• Serve as a subject matter expert in driving incident response and act as the primary decision-maker for your geographic region, overseeing rapid incident response measures.
• Provide detailed notes and reporting for all security events and incidents analyzed.
• Provide mentorship and guidance to the rest of the team.
• Regularly drive and participate in team uplift projects, enhancing existing capabilities or setting up new ones.
• Create runbooks and playbooks for repeatable tasks.
• Build and implement tools to automate security monitoring and tasks.
• Threat hunting: hunt for malicious activity, misconfigurations, and other anomalous behavior.
• Drive automation initiatives that enhance analyst capabilities and workflows while eliminating monotonous tasks.
• Develop innovative detection content aligned with ATT&CK, the Cyber Kill Chain, and other cyber security frameworks.
• Bring your own ideas and solutions to a fast-paced, growing, and evolving team centered on operational excellence.
• Provide rotational on-call support for weekend emergencies (rarely), ensuring uninterrupted security coverage and prompt incident response.
• Ensure smooth handovers between team members across geographic locations so that communication and coordination continue seamlessly across shifts.
• Work closely with key stakeholders and cross-functional business units, representing the SecOps team, to identify, respond to, and remediate information security issues.
Who you are:
• 6-10 years of relevant Information Security or SOC experience.
• Bachelor’s degree in Computer Science, Information Security, Engineering, or commensurate experience in Information Security is preferred.
• Passion for security and solving tomorrow’s problems.
• Willingness to learn new technology platforms.
• Strong team player.
• Certifications such as GCIH, GCFA or equivalent are a plus.
• Able to work proactively in a time-sensitive operations environment.
• Innovation mindset: takes opportunities to make existing processes more efficient and thinks “automation first”.