Req-60797 Lead Security Analyst – Incident Response (Open)

How you will make history here…

As a key member of Campbell’s Cybersecurity Incident Response Team this individual will be responsible for detection, validation, containment, remediation, and communication for cybersecurity events and incidents such as malware infections, potential system compromises, Distributed Denial of Service (DDoS) attacks, and privacy breaches. This individual will be a key member on a team responsible for the rapid response and resolution of security incidents across the Campbell footprint including on-premises, the Cloud, and third-party hosted applications. This role involves working with internal and external teams to identify root causes, restore services and communicate status to affected stakeholders. In addition, the individual will be involved in activities to improve the security posture and incident response capabilities of the organization including process automation, purple team testing, metrics reporting and threat hunting.

What you will do…

50% - Incident Response

• Perform cybersecurity incident response including security event analysis, incident handling, reporting, and threat analysis. The role involves coordination with Campbell’s third-party Managed Security Services Provider (MSSP), internal information technology teams and other parties who may be engaged in the event of a cybersecurity event or incident.
• Analyze and triage events, anomalies, and incidents to ensure appropriate identification of risk to company systems and information whether on-premises, in the Cloud or managed by a third party.
• Lead, oversee and participate in the forensic analysis of cybersecurity incidents.
• Communicate and coordinate response efforts including working with the third-party MSSP, Information Technology teams, Business Leaders, Legal, Chief Security Officer and other Third Parties to mitigate the impact of a security or privacy breach.
• Prepare situation reports, escalate to leadership, and perform root cause analysis.
• Develop and report KPI’s to enable continuous improvement of information security risk management controls.

25% - Enhance/Implement Capabilities to Strengthen Detection and Response Capabilities

• Share lessons learned from incident response and threat hunting to strengthen detection and response capabilities.
• Model insider and external threats to Campbell’s systems and data.
• Assess existing detection and response capabilities and provide recommendations for improvement.
• Leverage security orchestration (SOAR) to automate security response procedures.
• Maintain and enhance security monitoring and incident response procedural documentation.
• Partner with the third-party MSSP to develop KPI’s for management.
• Validate the efficacy of security monitoring through attack simulation and purple team testing.
• Leverage lessons learned, threat modelling and emerging industry better practice, to analyze the effectiveness of the existing program (policies, technology, and awareness) to continuously improve the detection and response capabilities of the organization.
• Partner with Security Business Analysts, Security Architects to identify security logging and monitoring requirements for new initiatives especially those with privacy implications.

25% - Threat Intelligence and Threat Hunting

• Proactively seek to uncover indicators of compromise that will identify whether Campbell’s systems have been breached.
• Collect and aggregate threat intelligence from a wide variety of sources and assess for relevance to Campbell’s environment.
• Create hypotheses for analytics and testing of threat data.
• Partner with the third-party MSSP, Threat Intelligence firms and other parties to identify threats that may impact Campbell.

Job Complexity:

• Appropriately balances security risk and business impact to ensure effectiveness of detection and response controls. To be effective the position must partner with third parties, business analysts, internal and external stakeholders.
• Ability to analyze threat intelligence data to develop strategic plans and budget to address emerging risk.
• Ability to build operational processes using industry best-practice that are tailored to Campbell’s organization, system, and processes.
• Ability to effectively communicate risk including corrective action plans/recommendations to non-technical audiences including Campbell’s Executives and the Board of Directors.
• Ability to create effective reports and presentations tailored to different audiences to ensure transparency and understanding of the program.
• Ability to gather information from multiple sources to quickly assess the impact of a potential security event/breach within the environment.
• Translate security events into non-technical language for leadership.
• Ability to analyze and identify tasks suitable for automation.

What you bring to the table…

7-10+ years in Information Security

5+ yrs in Incident Response

• Strong analytical skills including the ability to assess the severity and impact of a security incident.
• High level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors.
• Demonstrated ability to collaborate effectively with operational teams internally and with a third-party Managed Security Services Provider (MSSP).
• Excellent investigative skills, insatiable curiosity, and an innate drive to win.
• Instinctive and creative, with an ability to think like the enemy
• Ability to demonstrate strong computer knowledge of network protocols, desktops, servers, cloud and software as a service technology.
• Experience with Security Information and Event Management (SIEM) platforms, next generation firewalls, email security platforms, Endpoint detection and response technologies, Data Loss Prevention Software, Web Proxies, and Web Application Firewalls.
• Familiarity with common scripting languages like Python and/or Powershell.
• Familiarity with commonly deployed information technology resources including email, web, network, workstation and servers.
• Strong problem-solving and trouble-shooting skills
• Self-motivated and able to work independently.
• Strong written and verbal communication skills.