Global Cyber Security Analyst

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

The Global Cyber Security Analyst will analyze and correlate global and regional cybersecurity data. This includes helping to monitor, triage, and prioritize the response to alerts for both cloud and traditional infrastructures.

This position is designated for weekend coverage. The role’s standard 5-day work week will include Saturday and Sunday.

Responsibilities:

• Perform technical analysis on a wide range of cybersecurity issues.
• Monitor, triage, prioritize, and coordinate events with global and regional teams, and respond to alerts for further investigation.
• Integrate lessons learned to improve defensive capabilities and incident response processes, ensure proper configurations and security controls of systems and agents, document key findings in reports and incident management systems.
• Conduct enterprise security log collection, management, and analysis. Investigate SIEM events, alerts and tips to determine if an incident has occurred.
• Recognize attacker and APT activity; tactics, techniques, and procedures (TTPs); and indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response - integrate threat intelligence reporting indicators of compromise to improve defenses and proactively mitigate new threats.
• Coordinate the response for confirmed security incidents, to include efforts to scope, contain, eradicate, and remediate - function as the first line of cyber defense as part of the Global Security Team.
• Maintain situational awareness and keep current with cyber security news and latest threat actor TTPs, in part to support the production of effective situational awareness products with relevant metrics and visualizations for key stakeholders and leadership.
• Review of multiple log types including Windows, Active Directory, Email, Firewall, VPN, etc. to conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response activities.
• Assist in developing and maturing the future services and capabilities of the Global Security Team, such as Forensics, Threat Management, Penetration Assessments, Tool Management, Vulnerability Management, etc.

Requirements

For this role, we value ability, attitude and aptitude over experience and skills as we can train you.

• Ability – quick to learn new skills and concepts, and work in a team-oriented collaborative environment.
• Attitude – self-motivated, driven, passionate about solving problems and getting the job done right.
• Aptitude – great at solving problems and unravelling puzzles.
• Team-oriented and skilled in working within a collaborative environment.
• Ability to multi-task, prioritize and execute tasks in a high-pressure environment.
• Required flexibility to work nights, and/or holiday shifts in the event of a serious incident. This role is designated to work on weekends.
• Excellent written and verbal communication, interpersonal, intercultural, and presentation skills.
• Occasional travel to support global cyber security operations and incident response may be necessary.

An ideal candidate will have the following technical experience:

• Bachelor’s degree in computer science, Information Security, Information Technology, or other related disciplines (or equivalent professional experience).
• 1-2 years of experience in incident analysis, security architecture, malware research, SOC analyst, or any other similar incident response experience.
• Fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, SIEM, DNS security, DDoS protection, and firewalls.
• Knowledge of MITRE ATTCK security framework, Cyber Kill Chain analysis, and/or other useful threat analysis models.
• Knowledge of the incident response process (PICERL) and industry best practices, TCP/IP protocols, computer networking, routing, switching, Window and Linux operating systems, and encryption technologies.
• Experience analyzing and inspecting log files, network packets, and any other security tool information output from multiple system types.
• Familiar with basic reverse engineering principles and understand of malware, rootkits, TCP/UDP packets, network protocols.
• Knowledge and experience with scripting and programming (Python, PERL, etc.).
• Experience with technical analysis of email headers, links, and attachments to determine if an email is malicious, and then executing remediation techniques to protect the environment.
• Industry certifications such as GCIH, GCIA, C|EH, C|SA, CySA+, Security+, etc.

Benefits

Remuneration and benefits package will reflect the successful candidates experience and country where hired.