Principal Associate, Cyber Security Operations Cen

at Capital One in Chicago, Illinois, United States

Job Description

Center 3 (19075), United States of America, McLean, Virginia

Principal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst

The Cyber Security Operation Center Fusion team synthesizes multi-source security alerting, intrusion investigations, cyber intelligence, and business information into actionable analysis. The Fusion team provides this time-sensitive analysis to empower fellow CSOC operators defending the network and to empower leadership to make informed decisions confronting cyber threats.

The associate will be a technical team leader proactively identifying threats, and working across the SOC CSOC operations with contextualized tactical intelligence, driving cross-team initiatives to improve detection and security, conducting internal threat landscape analysis, and finding innovative new ways to automate analysis. The associate in this role will also mentor and train associates to execute fusion analysis responsibilities.

General Responsibilities:

Support day-to-day cybersecurity threat detection and incident response operations through indicator pivoting, campaign analysis, and tactical intelligence

Identify and enhance processes where automation has the potential to improve efficiencies, provide actionable data, and facilitate collaboration across CSOC

Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows

Deconstruct multi-source reporting into actionable intelligence including Tactics, Techniques, and Procedures TTPs data objects, campaign analysis, and threat patterns.

Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository

Develop expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics to clearly communicate the Capital One threat landscape to senior executives, to include the Chief Information Security Officer and Chief Information Officer.

Proactively build and maintain relationships with partner teams, including but not limited to Cyber Intelligence, Red Team, Insider Threat, and Hunt teams.

Conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment

Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk, including blocking of malicious indicators, tuning vendor signatures, and instrumenting custom detection rules

Support the tactical intelligence-to-detection pipeline, to include malware reverse engineering, TTP analysis, and association mapping in a TIP (threat intelligence platform) for future pivoting

Attend conferences and briefings to stay current on threats against both COF and the Financial Services sector

Mentor other CSOC analysts in project execution and tactical upskilling; conduct brown bag lunches to teach specialized skill sets

Basic Qualifications:

High School Diploma, GED or Equivalent Certification

At least 4 years of experience in cyber security or information technology

At least 3 years of experience working in a Security Operations Center (SOC)

At least 3 years of experience analyzing and tracking Advanced Persistent Threats (APT) groups

At least 3 years of experience conducting threat hunting

At least 3 years of experience conducting fusion intelligence analysis

At least 3 years of experience with Threat Intelligence Platforms (TIPs), Security Orchestration, Automation, Response (SOAR) or Security Information and Event Management (SIEM) tools

At least 1 year of malware analysis (static or dynamic) experience

At least 1 year of Tactics, Techniques, and Procedures (TTP) analysis experience

Preferred Qualifications:

Bachelor's Degree

Professional certifications (CompTIA Sec+, CISSP, CEH or SANs)

3+ years of experience creating detection signatures for endpoint, network or cloud platforms

3+ years of... For full info follow application link.

Capital One is an equal opportunity employer committed to diversity in the workplace. Capital One promotes a drug-free workplace. 

All qualified applicants will receive consideration for employment without regard to gender, race, color, religion, national origin, sexual orientation, protected veteran status, or disability status.

Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; Newark, New Jersey Ordinance 12-1630; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.