Cybersecurity Incident Response Senior Analyst in Chicago, IL

Mars Inc   •  

Chicago, IL 60601

Industry: Food & Beverages

  •  

5 - 7 years

Posted 55 days ago

This role is necessary to support the Cybersecurity Incident Response strategy and cross functional teams to develop collection and detection controls to protect Mars' information assets. Additionally, this role is a deep technical subject matter expert that can determine the proper course of action in the event of a security incident. This is a global role that requires context of how Mars, Inc. and all legal entities operate so that technology choices support Business objectives.

Key Responsibilities:

  • Member of incident response team to identify, analyze, and clear major security incidents.
  • Recommend actions on incident containment, eviction, and recovery actions.
  • Deep analysis of active and past attacks through using digital forensics and malware reverse engineering techniques.
  • Identify and create appropriate controls in SIEM and other security solution to prevent and detect security incidents.
  • Trusted expert on how to best deploy and use prevention and detection controls to address risk of breach.
  • Coordinate closely with Cybersecurity Engineering and other IT and business stakeholders to help prioritize and close controls gaps and reduce enterprise risk.
  • Engage in incident preparation exercises.
  • Recommend roadmaps for focus areas within incident response security technology.
  • Support development of incident response security standards.
  • Create designs for global incident response technology and procedures.
  • Context and Scope:
  • Provide technical guidance of third party teams and security operations center.
  • Broad knowledge of vendor landscape and capabilities.
  • Technical expertise in incident response and monitoring security technologies and deep knowledge of Mars platforms.
  • Develops internal relationships with Cybersecurity Engineering and other business stakeholders.
  • Work during non-standard business hours at times in support of incident response activities.
  • Job Specifications/Qualifications:
  • Education & Professional Qualification:
  • University degree (engineering/IT/computer science) or equivalent work experience
  • Intermediate to advanced level cyber security certifications preferred: SANS GCIH (GIAC Certified Incident Handler), SANS GCFE (GIAC Certified Forensics Examiner), SANS GCFA (GIAC Certified Forensics Analyst), SANS GREM (GIAC Certified Reverse Engineering Malware), SANS GPEN (GIAC Certified Penetration Tester), SANS GCED (GIAC Certified Enterprise Defender)
  • Knowledge/Experience:
  • 5+ years work experience in IT cyber security or related information technology areas
  • Understanding of offensive computing/hacker techniques
  • Understanding of networking fundamentals (TCP/IP, Network Layers, etc.).
  • Understanding of cloud platforms preferred.
  • Understanding of factory/ICS platforms preferred.
  • Scripting experience preferred (e.g. Python, Powershell, bash)
  • Ability to work both individually and as part of a team.
  • Strong technical writing and speaking skills.


Valid Through: 2019-11-12