Job Specifications
Job Overview
The Senior SOC Analyst is responsible for all aspects of the cybersecurity response activities and for advancing cybersecurity threat practices across Darden. This position researches attempts to access or compromise Darden systems and security measures and provides countermeasure recommendations. The Sr. SOC Analyst applies practical cybersecurity knowledge to develop new detective measures and practices to protect Darden. The position requires a high degree of proven technical proficiency and familiarity with software, system and network security issues in large enterprise environments.
Roles and Responsibilities
Serve as a backup for the Cybersecurity SOC Team queue manager as needed
Provide senior-level subject matter expertise in cybersecurity domains
Assess security information, triage and respond to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents
Identify, triage and remediate threats based on threat intelligence as well as active analysis of system log data
Assess newly published vulnerabilities and attacker tactics, techniques, and procedures (TTPs) to identify possible defensive measures to locate and stop threat actors
Participate in the on-call rotation to ensure continuous 24x7 Cybersecurity coverage
Serve as an escalation point for all Cybersecurity On-Call personnel as needed
Serve as an escalation point and support for less experienced SOC analysts to address complex and/or unusual alerts, threats, cases, requests and/or incidents; mentor and train junior analysts
Translate defensive measures into actionable change in coordination with the Cybersecurity Engineering Team
Research and stay current on Cybersecurity trends, new security tools, security standards, best practices and news
Lead Threat Hunting exercises based on internal and external threat intelligence
Support the Forensic program - administer and maintain the forensic tools
Support the Security Automation and Orchestration (SOAR) program - administer and maintain the tool
Create search content for the SIEM tool using code and scripts
Utilize strong business and technical acumen to develop use cases and build SIEM custom apps and complex searches
Integrate additional supported log sources / devices and develop new use cases as required
Analyze and act on actionable threat intelligence; incorporate external threat intelligence into Darden tools to stay proactive
Conduct forensic investigations for HR, Legal or incident response activities as directed
Recognize and codify attacker TTPs in indicators of compromise (IOCs) that can be applied to current and future investigations
Develop and manage metrics based on operational load, process effectiveness and supportability of the SOC
Develop and mature the SOC playbook to protect Darden team members, customers, and assets
Facilitate post incident reviews, document root causes, and actively work with impacted teams to ensure recovery
Evaluate current security technologies and processes to identify improvement opportunities and research new technologies for future recommendations to leadership
Support other Cybersecurity functions and teams to ensure holistic implementation of security controls, technologies, practices, and programs
Required Technical Skills
Minimum 7 years in the information security field
Minimum 4 years in incident response
Certified Information Systems Security Professional (CISSP) required, plus two current security-related certifications (e.g. CCNA, CCNP, CEH, GIAC, EnCE)
Advanced event analysis leveraging SIEM tools
In-depth knowledge of network security, application security, vulnerability management, forensics, incident response and penetration testing
Demonstrated proficiency in network security concepts, such as security event correlation, TCP/IP concepts, DNS, firewall technologies, IPS/IDS, endpoint protection, routers, switches, perimeter security, authentication, encryption, and VPN solutions
Experience with implementing Security Orchestration, Automation and Response (SOAR) tools
In-depth knowledge of and experience with Kill Chain and MITRE ATT&CK Frameworks
Proven knowledge of common attack vectors such as port scans, man-in-the-middle, DoS, DDoS, malware, and web application attacks
Experience in leading incident detection and response activities
Proven experience in Forensics
Familiarity with Linux, Windows and cyber forensic evidence concepts
In-depth knowledge and experience defending against common exploits, vulnerabilities and other cyber attacks
In-depth knowledge of security vulnerability concepts, viruses, hoaxes, phishing, backdoors and patch management
Experience with built-in OS shell commands and third-party command-line and scripting tools (Python, Perl, Bash and/or PowerShell)
Ability to craft queries, YARA rules and regular expressions to detect threats
Required Education
Bachelor's degree in Computer Sc
About the Company
Darden's family of restaurants features some of the most recognizable and successful brands in full-service dining -- Olive Garden, LongHorn Steakhouse, Yard House, Ruth's Chris Steak House, Cheddar's Scratch Kitchen, The Capital Grille, Chuy's, Seasons 52, Eddie V's and Bahama Breeze. We own and operate more than 2,100 restaurants and are proud to employ 195,000 team members. Together, we create memorable experiences for 420 million guests annually in hundreds of communities across North America.