Senior System Cyber Analyst Detection Engineering & Automation

Overview

Come join us at Con Edison where we are actively seeking a highly skilled and motivated Senior System Cyber Analyst Detection Engineering & Automation to become an integral member of our growing Advanced Cyber Defense team. This senior role offers a unique opportunity to significantly enhance our threat intelligence, threat hunting, and detection engineering programs. You'll play a pivotal role in advancing our detection engineering and cybersecurity automation efforts, helping us stay ahead of emerging threats and ensuring the security of our systems. If you're passionate about cybersecurity and eager to make a substantial impact, Con Edison is the place for you. Join us and be part of a dynamic team dedicated to safeguarding our digital future.

- Design, implement, and continuously tune detection logic using detection-as-code principles.

- Create and maintain CI/CD pipelines that automate the linting, testing, validation, and deployment of cybersecurity detections.

- Manage detection and automation repositories with Git, ensuring they adhere to coding standards, documentation practices, and version control policies.

- Develop and maintain comprehensive orchestration and automation playbooks in Splunk SOAR.

- Build machine learning models for detecting anomalies and malicious activities.

- Monitor the health of logs and detection infrastructure.

- Drive closure of logging and visibility gaps.

- Administer and continuously improve our security case/workflow management tool.

- Design and perform threat hunts to identify malicious activity, misconfigurations, and visibility gaps.

- Help create and maintain detection content and dashboards.

- Perform adversary emulation in special test environments.

- Design, implement, and maintain automated workflows for threat intelligence and threat hunting.

- Serve as a Tier 3 escalation point for the Cybersecurity Operations Center (CSOC).

- Evaluate, recommend, and onboard new tools and processes to enhance capabilities.

Qualifications

Required Education/Experience

- Master's Degree in Computer Science, Cybersecurity, or other related area and 2 years of relevant work experience.

- Bachelor's Degree in Computer Science, Cybersecurity, or other related area and 3 years of relevant work experience.

- Associate's Degree in Computer Science, Cybersecurity, or other related area and 4 years of relevant work experience.

- High School Diploma/GED and 5 years of relevant work experience.

Relevant Work Experience

- Experience in threat intelligence, threat hunting, detection engineering, or a related cybersecurity role, required.

- Strong programming experience with Python or a similar language, required.

- Strong knowledge of detection-as-code practices, required.

- Experience with creating and maintaining CI/CD pipelines, required.

- Proficiency with Git, required.

- Expert knowledge in Splunk Enterprise Security and Splunk SOAR, required.

- Strong proficiency in analyzing IOCs, TTPs, user activity logs, host logs, network logs, and PCAPs to identify malicious behavior, required.

- Experience with MITRE ATT&CK and threat hunting frameworks, methodologies, and approaches, preferred.

- Strong understanding of Incident Management and Incident Response frameworks, preferred.

- Experience using Microsoft Sentinel and KQL, preferred.

- Knowledge of digital forensics and investigation techniques, particularly on Windows and Linux, preferred.

- Knowledge on cloud security and cloud architecture best practices, preferred.

- OT/ICS Security knowledge, preferred.

Skills and Abilities

- Possesses strong technical aptitude

- Excellent collaboration and team building skills

- Strong verbal communication and listening skills

- Demonstrated written communication skills

- Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

- Driver's License Required

- Other: Technical certifications (e.g. CISSP, CISM, CIPP, etc.) Preferred

Additional Physical Demands

- The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

- Must be able and willing to travel within Company service territory, as needed.

- Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required.