Analyze potential security incidents to determine the impact and scope of the incident. Follow and help create Incident Response (IR) procedures to perform preliminary log collection and incident investigations, determining the cause of the security incident, containing the threat, and building protections against future infections. Interface with technical personnel and other teams in the ISO, as well as the larger organization as required, and drive response and project work forward. Follow and help create escalation procedures to counteract and contain potential threats. Appropriately inform and advise CSOC Leadership on incidents and incident prevention, while helping to coordinate the Analyst Team and functioning as site/shift lead. Drive documentation improvements of CSOC processes, tools, and knowledge based on observations and feedback from the Analyst Team. Lead and plan knowledge sharing with Analysts while developing solutions, processes, and detections efficiently. Conduct network, endpoint, and log analysis on a regular basis using various consoles (e.g., SIEM, IPS, firewall, EDR, advanced malware detection). Help lead the Analyst Team to leverage the toolset to investigate incidents using computer and network forensic techniques to reconstruct events, identify unknown intrusions through the use of indicators of compromise, and identify and track any lateral movement. Lead interactions with other team members, management, and other IT teams (Workstation, Network, Server, Cloud, etc.). Maintain the integrity and security of enterprise-wide cyber systems and networks by coordinating internal team and larger Prudential resources during enterprise triage and incident response efforts. Utilize a deep understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats, while using security domain knowledge to improve Prudential's defenses and detection mechanisms. Assist CSOC Leadership in briefing the CISO and senior management.
Work closely with the Hunting and Cyber Threat Intelligence teams to operationalize new use cases, detections, and intelligence. Full-time employment, Monday through Friday, 40 hours per week. MINIMUM REQUIREMENTS: Must have a Bachelor's degree in Information Technology, Information Security, Computer Science, or a related field, and 5 years of progressive, post-baccalaureate related work experience in a corporate IT environment, OR a Master's degree in Information Technology, Information Security, Computer Science, or a related field, and 3 years of related work experience in a corporate IT environment. Of the required experience, must have 3 years of experience in each of the following: Cyber Security Operations, including investigating, analyzing, and escalating security incidents; Utilizing networking, operating systems, and security tools to remediate incidents and to create custom detections, alerts, and reporting; Triaging incidents using computer, network, or cloud analysis techniques; Documentation and process creation in IT, Cyber Security, and a SOC environment; Using networking, cloud, and systems concepts and tools, including netflow, firewall logs, proxy logs, Wireshark, cloud consoles, and host-based logs, to analyze attacks and find root cause; Analyzing security log feeds and building correlations in Splunk Enterprise Security; Utilizing SIEM, SOAR, and XDR tooling; Administering cloud, endpoint, networking, or server systems; Python, Bash, or PowerShell; Utilizing and maintaining malware labs and sandboxes; and Sandboxing solutions and malicious file analysis.
Date Posted: 15 April 2025