Security Operations, Security Analyst III

Company: The Standard
Location: Portland
Posted on: January 27, 2023

Job Description:

Posted Date: 2023-01-01

Req ID: REQ003023

About Us: The Standard is a family of companies dedicated to helping its customers achieve financial well-being and peace of mind. In business since 1906, we're a leading provider of group and individual disability insurance, group life, dental and vision insurance, voluntary (employee-paid) benefits, absence management services, and retirement plans and annuities for employers and individuals. For more information about The Standard, visit www.standard.com or follow us on Facebook , Twitter or LinkedIn .

Description: At The Standard, you'll join a team focused on putting our customers first.

Our continued success is driven by a high-performance culture. We're looking for people who are collaborative, accountable, creative, agile and are driven by a passion for doing what's right - across the company and in our local communities.

We offer a caring culture where you can make a real difference, every day.

Ready to reach your highest potential? Let's work together.

Our dynamic Security Operations (SecOps) team is made up of a range of experienced security analysts with a broad range of skills. As a SecOps Analyst on our team, you can expect to be working in a dynamic and rapidly changing environment. Our team provides monitoring and detection capabilities using some of the latest security platforms to achieve that goal. Incident detection and response, analysis, investigation, threat hunting, Red Teaming, detection engineering, and vulnerability management are all components of our teams' mission and goals.

The Analyst III position is a key contributor to our team's success. Collaboration and teamwork are essential. Great communications skills and self-directed leadership are key traits. You should be comfortable with applying logical thinking and deductive reasoning as you work to contain incidents and eventually get down to the root causes.

What You'll Do:
Perform detection engineering on several different platforms utilized in support of the SecOps mission
Leverage diverse analysis skills to solve complex problems related to
Work as part of a team to solve complex investigations and to perform timely incident analysis
Collaborate across business units to assist with incident response and to offer services that support our business goals as they pertain to Information Security
Be a problem solver that works to understand the "who, why, what, when, and where" of problems, thereby getting to the root causes and to eventual solutions
Work alongside technical IT teams in incident management scenarios acting in the role of key contributor to guide the team through the response process using defined plans and standard operating procedures
Use your varied skills to help tune and optimize our security controls to achieve a high level of detection and/or prevention
Assist in determining the direction of current and future tactics and strategies for the SecOps team
Coordinate the efforts for analysis and investigation into internal events that are identified using UBA. Take these investigations and work across business units acting in a key consulting role helping them to correctly interpret the data so they can make informed decisions

Who We Want:

The candidate will be able to process various streams of data and pull this into a logical framework to perform analysis using both investigation theories and hypothesis to perform accurate analysis for incident response decisions. This is a great opportunity to work collaboratively with a skilled SecOps team that enjoys what they do and are all in the process of growing their careers.

Diverse and comprehensive direct work experience related to general IT systems like storage platforms, databases, networking, operating systems, business applications, and email platforms which may all be involved in the analysis of security incidents. Experience with direct work in these IT systems should be in the range of 4+ years.
An effective communicator who is team focused and personally driven to excellence in all tasks you will be working in
Ability to demonstrate what constitutes investigation theory as it relates to incident investigation and analysis and apply this to the traditional kill chain model
Demonstrated competence utilizing security tools to gather, analyze, triage, and escalate potential threat risks
Possess the ability to manage multiple work streams and yet to stay focused on delivering the results needed to achieve planning goals
Specific experience related to Security Operations with demonstrated work experience of 2+ years in the areas of detection engineering SOC platforms and incident response
Demonstrated knowledge of procedures of malicious threat activity (i.e., insider threat, fraud, theft, sabotage, espionage, etc.) associated with behavioral analysis threat hunting
Proven experience that can be demonstrated showing how the various incident process flows work and what platforms typically handle each stage of the analysis, collection, detection, and response stages of incident response.
2-3 years of direct work experience working in cloud environments with security operations detection and monitoring tools (IDS, SIEM, EDR, SOAR)
Experience that goes beyond training and general knowledge with scripting languages (i.e., Regex, Python, Ansible, JavaScript, PowerShell and similar) that may be used by the SOC to automate repetitive analysis, and repeatable tasks
Experience with developing custom IOC's in platforms like EDR, and SIEM
A dynamic communicator who can coordinate with stakeholders to tune and improve detection capabilities or to aid in investigations or respond to incidents

Strong Candidates Will Have Experience relevant to:
A clear understanding of the MITRE ATT&CK framework and how to apply this to incident monitoring, incident response, and threat hunting. The ability to articulate how to apply this framework to the monitoring and detection disciplines used by the SOC.
Relevant certifications for this position are SANS GSOC, GSEC, GCIH and/or GCIA; ISC2 - SCCP and/or CISSP; OSCP; and/or Azure certifications
A clear and concise communicatorwith the ability to document processes, produce lucid reports, evaluate, and write procedures, and draft incident playbooks
Evaluate current & emerging attacks, assess how a malicious actor might exploit those, and propose how to enable tools and platforms for monitoring and detection for risk mitigation
Experience working with remote teams using remote collaboration tools
The use of Security Orchestration, Automation and Response platforms (playbook building, tuning, analysis, automation development)
HS Diploma or GED is required.

#LI-Remote

Note: The Standard is required to provide a reasonable estimate of the salary for this role when hiring a Colorado resident. The salary for employees working in Colorado in this role is listed below. The Standard's package also includes incentive plan participation and comprehensive benefits including medical, dental, vision, retirement, and paid time off.

Please note, eligibility to participate in an incentive program is subject to the rules governing the program and plan. Any award depends on various factors, including individual and organizational performance.

Salary Range:
$88,250.00 - $150,000.00

Standard Insurance Company, The Standard Life Insurance Company of New York, Standard Retirement Services, Inc., StanCorp Equities, Inc. and StanCorp Investment Advisers, Inc., marketed as The Standard, are Affirmative Action/Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex, national origin, gender, sexual orientation, age, disability, or veteran status or any other condition protected by federal, state or local law. The Standard offers a drug and alcohol free work environment where possession, manufacture, transfer, offer, use of or being impaired by an illegal substance while on Standard property, or in other cases which the company believes might affect operations, safety or reputation of the company is prohibited. The Standard requires a criminal background investigation, drug test, employment, education and licensing verification as a condition of employment. All employees of The Standard must be bondable.

PI201844699

Keywords: The Standard, Portland , Security Operations, Security Analyst III, Professions , Portland, Oregon