External Applicants: Please apply through Prosperity Bank's Career Center at Applying through any other source may prevent Prosperity from receiving your application. Internal Applicants: If you are a current associate of Prosperity Bank, please apply through the internal Talent - Career Center in ADP.
POSITION PURPOSE
The Lead Information Security Analyst serves as a senior member of the Security Operations Center (SOC), playing a critical role in detecting, analyzing, and responding to potential or active threats against the Bank's information infrastructure and data. This role involves close collaboration with the Bank's Information Security Incident Manager to support the Incident Response Team's capacity to effectively contain and resolve cybersecurity incidents. Additionally, the Lead Information Security Analyst provides mentorship and guidance to junior team members, sharing expertise, best practices, and strategies to enhance the SOC's overall efficiency, resilience, and threat response capabilities.
ESSENTIAL FUNCTIONS AND BASIC DUTIES
- Serve as the lead incident response coordinator within the security operations team, providing regular mentorship and fostering collaboration among peers.
- Monitor security events and alerts across a variety of platforms (e.g., SIEM tools, intrusion detection systems, etc.).
- Effectively identify and triage security incidents by determining their scope, severity, and potential impact.
- Respond to security incidents promptly, coordinating with the incident response team to rapidly contain and mitigate threats.
- Maintain consistent documentation of security incidents and actions taken to ensure transparency and compliance.
- Produce incident response post-mortem analysis reports, including technical summaries of attackers' tactics and techniques, impacts, root cause, and other relevant incident findings.
- Provide regular updates to appropriate constituencies on security posture, ongoing incidents, and potential exposures.
- Identify the utility of digital evidence, correlate data, and perform analysis of logs to identify potential vulnerabilities, threats, intrusions, and incidents.
- Create and implement threat detection techniques and create alerting rules to enhance detective controls.
- Identify and assess risk introduced by technical and operational vulnerabilities using automated tools and manual techniques.
- Collaborate with cross-functional teams to support effective remediation strategies for identified vulnerabilities.
- Maintain awareness of emerging threats, attack vectors, and vulnerabilities to enhance incident detection and prevention strategies.
- Identify adversarial tactics and techniques, develop effective threat models, analyze and identify potential exposures, and recommend remediation strategies to inform strategic security decisions.
- Collect, analyze, and share threat intelligence relevant to the organization's security posture with appropriate personnel.
- Integrate cybersecurity intelligence from external and internal resources, identify deficiencies, and recommend adjustments to refine and strengthen intelligence utilization strategies.
- Maintain effective communication with internal and external stakeholders to ensure timely and accurate security incident awareness.
- Participate in security meetings and contribute to the development of incident response policies, procedures, playbooks, and best practices.
- Work outside of regular business hours when necessary.
- Other duties as assigned.
The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this job description amended, at any time.
QUALIFICATIONS
Education/Certification: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline; or the equivalent of combined education and relevant work experience. Advanced degrees in cybersecurity can substitute for work experience on a year-for-year basis.
Professional certifications through ISC(2), ISACA, GIAC, OffSec or CompTIA are preferred.
Experience Required: Minimum of 2 years of experience in an information security role with responsibilities in one or more of the following domains: security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.
Direct experience in security operations, cyber defense, or incident management is preferred.
Demonstrated ability to successfully execute initiatives in complex and highly regulated environments.
Banking or financial services industry experience is a plus.
Required Knowledge: Practical knowledge of adversarial tactics, cyber-attack and exploitation tools and techniques (including network exploitation), data exfiltration methods, and insider attack patterns to effectively anticipate, detect, and counter malicious activities.
Practical knowledge of analytical, data analysis, and information searching tools and techniques, along with working proficiency in security information and event management (SIEM) and event correlation methods to accurately detect, analyze, and respond to security incidents.
Strong understanding of cybersecurity principles and practices, including data integrity, operations security (OPSEC), network security, access control, data encryption, adversarial tactics, threat remediation, and the principle of defense-in-depth.
Strong understanding of network communications and computer networking principles, including network addressing, configurations, digital communication systems, and associated protocols and endpoints, to ensure secure network environments.
Strong understanding of client/server architecture, operating systems and software, encryption algorithms (including their capabilities and applications), and authentication/authorization tools and techniques.
Strong understanding of the characteristics of cybersecurity threats and vulnerabilities, including system and network attack vectors, malware, filename extension abuse, and web application security risks.
General understanding of threat modeling tools and techniques, including MITRE ATT&CK and the Cyber Kill Chain, to identify gaps in safeguards.
Strong understanding of threat intelligence principles and practices used to derive actionable security insights.
Familiarity with research methods, including OSINT, penetration testing, and vulnerability assessment used to identify and analyze potential security exposures.
Familiarity with malware analysis principles, to identify, investigate, and mitigate malicious software threats.
Skills/Abilities: Proficient in navigating fast-paced, highly regulated environments by applying critical thinking, establishing priorities, and tailoring complex information for diverse audiences.
Proficient in effectively communicating, collaborating, and building strong relationships with internal and external stakeholders to achieve organizational objectives.
Proficient in anticipating threats, leading incident response processes, and recognizing behavioral patterns to detect and mitigate potential security risks.
Competencies in mitigating cognitive biases, extrapolating from incomplete data sets, and performing comprehensive data analyses to derive actionable insights.
Proficient in collecting and performing network traffic and packet-level analysis to identify network threats, protect against malware, and conduct intrusion data analysis.
Proficient in gathering and querying data from diverse sources (including open-source data and metadata extraction), correlating information across multiple tools, and conducting thorough research.
Proficient in developing and analyzing large data sets to develop unique threat detections and security insights.
Competencies in recognizing and categorizing vulnerabilities, identifying malware threats, and effectively containing malware to protect systems and data.
Competencies in detecting host- and network-based intrusions, identifying insider threats, recognizing recurring threat incidents, uncovering filename extension abuse, spotting anomalous activity, and interpreting digital forensics data to maintain a robust security posture.
Monday- Friday: 8:00am-5:00pm
40 hours a week