At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. As a Cyber Security Analyst Senior within PNC's Security Operation organization, you will be based in Pittsburgh, PA.
The ideal candidate will have many of the following qualifications:
- Exposure to processes employed at financial institution, government or military organizations conducting cyber operations.
- Strong background in security platform and technology capabilities, SIEM utilization skills
- Ability to analyze large data sets and unstructured data for the purpose of identifying cyberthreats
- Ability to identify trends and anomalies indicative of malicious activity
- Demonstrated capability to learn and develop new security techniques
- Experience with high-level functional programming languages
- In-depth knowledge of, and experience with, TCP/IP protocol and network/packet analysis
- Must act independently, in accordance with a Standard Operating Procedure, in support of the incident management cycle
- Understands the life cycle of network threats, attacks, attack vectors, and methods of exploitation
- Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research the current information security landscape
- Understanding of or experience with computer forensic analysis and malware analysis using forensic tools
- Experience analyzing and investigating events using an enterprise security information and event monitoring (SIEM), logs from firewalls, IDS/IPS, proxies, servers, endpoints and other network devices to determine risk.
- Understanding of or experience reverse-engineering for known and suspected malware files.
- Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler Certification or related certifications a plus
- Strong writing skills
- Team player
- Identifies, analyzes, and reports threats or forensic evidence from within the enterprise network, to protect data, information systems, and networks.
- Conducting research and analysis of various source data sets as well as identified malicious activities to perform root cause analysis and detect weaknesses exploited, exploitation methods, and the effects on IT systems and information.
- Monitoring, maintaining and leveraging technologies and processes to identify, report, and resolve cybersecurity issues
- Communicating with end users, stakeholders and strategic decision makers to ensure that security events are properly identified, analyzed, remediated and reported.
- Performing advanced security monitoring and forensics in order to detect and respond to potential cybersecurity incidents impacting the enterprise.
Manages Risk - Working Experience
- Assesses and effectively manages all of the risks associated with their business objectives and activities to ensure activities are in alignment with the bank's and unit's risk appetite and risk management framework.
Customer Focus - Extensive Experience
- Knowledge of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions, and ability to leverage that information in creating customized customer solutions.
Job Specific Competencies
Data Administration - Extensive Experience
- Knowledge of and the ability to manage an organization's architectures, data resources, policies, practices and procedures to appropriately and effectively address business and stakeholder's needs.
Information Security Management - Working Experience
- Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
IT Standards, Procedures & Policies - Extensive Experience
- Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
Technical Troubleshooting - Extensive Experience
- Knowledge of technical troubleshooting approaches, tools and techniques, and the ability to anticipate, recognize, and resolve technical (hardware, software, application or operational) problems.
IT Environment - Extensive Experience
- Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
Problem Solving - Extensive Experience
- Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.
Effective Communications - Extensive Experience
- Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.
Analytical Thinking - Extensive Experience
- Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.
Information Security Technologies - Working Experience
- Knowledge of technologies and technology-based solutions dealing with information security issues.
Firewall Management - Working Experience
- Knowledge of the methods, techniques and processes to install, maintain and update firewall systems; ability to use these to control the access of business information, both allowing passage to authorized sources and denying passage to unauthorized sources.
Information Assurance - Extensive Experience
- Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
CISA, CISSP, and CISM preferred.
Required Education and Experience
Roles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.