Senior Security Operations Analyst

Job Description

JOB DESCRIPTION

The 'New' Fox Corporation Information Security team drives security initiatives across all of Fox's US-based businesses, including Fox Broadcasting Corporation, Fox Sports (FS1 & FS2), Fox Business, and Fox News. Fox is one of the nation's largest broadcast groups and premier sports brands and is heavily focused on producing high-quality live events and high volume direct-to-consumer digital distribution.

Fox is building an innovative security operations center and is looking for a Senior Security Operations Analyst to elevate our detection, investigation, and threat hunting capabilities for our world-class incident response. You will collaborate with other members of the team to help simplify, streamline, automate and enhance the overall security capabilities of Fox's Security Operations. This role is highly technical and requires advanced skills in intrusion detection and threat hunting to identify credible risks/adversaries to all Fox's systems before a potential breach. Collaboration with security engineers, developers, and business units to constantly improve the overall security posture will be the key to success at Fox.

We are interested in someone who is willing to challenge the status quo. We believe automation is king – we use it not only to simply enrich our data but to perform remediation and tasks at a scale that would otherwise be impossible. Fox's security operations has less noise than any SOC out there – and we intend to keep it that way. How can we apply threat modeling to daily security operations? How can we automate remediation and incorporate the human judgment from users? What open source technology and OSINT can be applied as part of our toolset? Bring it all to the table.

A SNAPSHOT OF YOUR RESPONSIBILITIES
• Provide incident response and be a key point of contact during all incidents; own the incidents from start to finish, which includes investigation, correlation, triage, response, mitigation, ticketing, documentation, postmortem analyses and forensic analysis
• Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS solutions for incidents, threat hunt for malicious activity, triage as needed on a 24x7 basis, and continuously tune rules to reduce false positives
• Grow and mature our threat intelligence program - gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment
• Enhance our detection capabilities with correlation, situational awareness, and intel enrichment
• Develop strategies to detect new threats as they emerge, including those from the most sophisticated threat actors
• Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods for the SOC to handle all incident types and to weaponize our threat hunting capabilities
• Assist in the tuning of EDR/IDS/IPS solutions to improve detection, reduce noise, add IOAs, etc
• Document playbooks and train other team members on new IR processes
• Provide integral feedback and guidance on the integration of new playbooks, use cases and workflows to be adopted across the entire InfoSec team, as well as other parts of the organization
• Work with developers on the InfoSec team to build security automation workflows, enrichments, and mitigations
• Evaluate SOC policies and procedures and recommend updates to management as appropriate
• Work with the security engineering team to improve tool usage and workflows as well as mature monitoring and response capabilities

WHAT YOU WILL NEED
• 4+ years of experience working in cybersecurity operations and incident response, including utilizing Security Information and Event Management (SIEM) platforms, Intrusion Detection/Prevention Systems (IDS/IPS), and Vulnerability Management and Threat Intelligence applications
• 3+ of the following certifications: CEH, CISM, GIAC, GCIH, GSLC, GICSP, GSEC, CEH, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, CISSP, etc.
• Proficient operator of security tools such as end point protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, Networking, firewalls, WAFs, Edge/endpoint security, DNS security, layered security, defense in depth practices, vulnerability scanning, malware analysis tools, networking tool for full packet analysis, data encryption, data loss prevention, etc.
• Programming/scripting experience (bash, python, PowerShell)
• Linux/Unix OS, Windows and Mac administration skills
• Intimate understanding of technology and be motivated to constantly learn new technologies
• Strong ability to learn and research new things, including tools, languages, frameworks, etc.
• Excellent verbal and written communication skills
• A collaborative mindset that thrives in a fast-paced environment

NICE TO HAVE, BUT NOT A DEAL BREAKER
• A Bachelor's degree or equivalent experience
• Forensics and/or malware analysis experience, which includes hands-on experience completing malware analysis, memory analysis and disk forensic

Jobcode: Reference SBJ-d5946e-3-144-102-239-42 in your application.