The Experian GSOC was established nearly 8 years ago. Various team members have presented at several local and national conferences and information security group meetings. Current projects include a number of custom application integrations, new business unit and data center integrations, creative use cases for security alerts and trend reporting, and ambitious goals for next-generation monitoring using Hadoop, Splunk, and open source tools.
The Experian GSOC is a close, diverse team of professionals in 3 distinct roles: SIEM Engineers, Security Analysts, and Threat Intelligence. These individuals also work closely with the vulnerability management team (including in-house and external pen testing) and a number of other security teams, technical SMEs, and business unit contacts. There is a high expectation of excellence as well as personality, but with excellence also comes flexibility and opportunity.
The Global Security Operations Center is responsible for the collection, analysis, and escalation of security events. The GSOC is responsible for forensic analysis and investigation to determine whether alerts or security events warrant incident classification. If an event is classified as an incident by GSOC staff, the GSOC is responsible for tracking the incident through final resolution. GSOC staff will perform incident triage, including determining scope, urgency, and potential impact, and they will identify specific vulnerabilities and make recommendations to allow for expeditious remediation.
The Sr. Analyst takes part in the creation and steady improvement of correlation rules, security policies, processes and procedures, and other department-related documentation. The Sr. Analyst is a leader within the organization, executing on strategic items that promote a strong information security posture.
- Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
- Analyze, escalate, and assist in remediation of critical information security incidents.
- Improve and challenge existing processes and procedures in a very agile and fast moving information security environment.
- Security analysts should have expert knowledge of:
  - Information security policies and goals
  - Log analysis and event traffic patterns
  - The current IT threat landscape and upcoming trends in security
Knowledge, Experience & Qualifications
- 3+ years' experience in security event analysis and/or security incident analysis.
- 2+ years' experience in one of the following:
  - Network operations or engineering
  - System administration on Unix, Linux, or Windows
  - Malware reverse engineering
  - Offensive security (penetration testing/vulnerability scanning)
  - Advanced incident handling
  - Scripting and automation
- Ability to read and understand packet captures from a security perspective
- General technical skills, including TCP/IP knowledge, networking and security product experience
- Willingness to acquire in-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners) and continuously improve these skills
- Demonstrated ability to work in a team environment, able to train and coach other team members
- Strong written and verbal communication skills
- 2 years of information security related experience, in areas such as:
  - System patching
  - Log analysis
  - Intrusion detection
  - Security device administration
- Relevant technical and industry certifications are a plus, e.g. GIAC certifications, Security+, CISSP, OSCP, CEH
Bachelor's degree preferred, but not required