Sr System Cyber Analyst

Overview

Con Edison is seeking a Senior Incident Response Analyst to build and expand our Incident Response capabilities. This position will work very closely with our Cybersecurity Operations Center (CSOC) and report directly to the Director, Cybersecurity Operations. The selected candidate will lead incident investigations, strengthen detection and response capabilities, expand our cloud security posture, and mentor SOC analysts.This role will focus on monitoring and analyzing alerts, performing advanced network and cloud investigations, guiding the SOC through the entire cyber kill chain, and driving continuous improvement across on-premises, cloud, and operational technology (OT) environments.

- Execute and oversee incident response across all phases of the cyber kill chain.

- Investigate incidents from detection to resolution by rapidly assessing threats, determining impact, coordinating responses, collaborating with relevant teams, and managing incident response through all stages of the cyber kill chain.

- Develop and maintain incident response playbooks and procedures to align with industry best practices and emerging threats, leveraging threat intelligence for enhanced detection and response.

- Design and implement cloud-focused incident response processes, expand SOC capabilities, integrate cloud-native tools, and collaborate with engineering teams to strengthen detection, investigation, and optimizing detection and response for AWS, Azure, and GCP environments.

- Investigate network and cloud activity by analyzing logs, packet captures, endpoint telemetry, and applying frameworks like MITRE ATT&CK to identify attacker entry points, lateral movement, and indicators of compromise.

- Lead post-incident reviews by documenting actions, performing root-cause analysis, identifying vulnerabilities, and continuously enhancing SOC detection and response processes.

- Collaborate with SOC analysts and other teams to enhance investigative and triage skills, deliver ongoing training, and embed security best practices throughout the organization.

Qualifications

Required Education/Experience

- Master's Degree and (2) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or

- Bachelor's Degree and (3) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or

- Associate's Degree and (4) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience.

Relevant Work Experience

- Demonstrated experience in security monitoring, threat detection, and effective management of real-world cyber incidents in collaboration with stakeholders, required.

- Proficient in utilizing both commercial and open-source cybersecurity tools, required.

- Hands-on experience in coordinating containment, eradication, and recovery operations for a variety of threats, including malware, phishing, ransomware, cloud-based, and edge attacks, required.

- Experienced in working with cybersecurity teams and other business units to ensure seamless incident response and communication, required.

- Capable of providing timely updates to leadership during security incidents and documenting comprehensive incident reports, required.

- Certifications such as GCIA, GCIH, GCFA, GNFA, CISSP, OSCP, or cloud-specific certifications like AWS Security Specialty, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer, preferred.

- Experience automating SOC workflows using Python, PowerShell, or similar scripting languages, preferred.

- Familiarity with hybrid cloud/on-premise security integration, preferred.

Skills and Abilities

- Strong verbal communication and listening skills

- Demonstrated written communication skills

- Demonstrated analytical skills

- Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

- Driver's License Required

- Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar. Preferred

Additional Physical Demands

- The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

- Must be able and willing to travel within Company service territory, as needed.