Security Analyst

Job Location

Shanghai - China

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy
Job Description

Summary

The Security Analyst (Digital Forensics and Incident Response), as part of the Incident Response team within the SOC, works to resolve reports of malware, phishing, data leaks and all other identified security issues.

With your technical expertise in querying data across multiple tools, you will identify the root cause of cyber security issues and then coordinate across IT teams to resolve them. In collaboration with the Fraud and Investigation team, you will also assist with joint cyber/insider threat investigations.

Incidents assigned to you will be taken from initial report to resolution, delegating responsibilities to other IT teams where necessary and coordinating all actions with stakeholders, including management.

You'll also provide feedback on security detections to the SOC team, assist with tuning alerts and assist with designing new detections. When time permits, you will also support threat hunting efforts to detect undiscovered malicious behaviors.

Responsibilities

Acting as a central point of contact within the global incident response team, the Security Analyst will:

  • Review and respond to alerts presented in security tools.
  • Coordinate or escalate the resolution of security incidents.
  • Query and analyze log sources in the SIEM for IOCs, attacker TTPs and evidence of suspicious behavior.
  • Identify security risks, find the root cause and bring the risk to a level acceptable to management.
  • Write postmortem reports and present them to stakeholders.
  • Develop and maintain procedures for responding to detections.
  • Collaborate with other teams to automate playbooks.
  • Meet with adjacent security teams to communicate incident trends.
  • Automate follow-ups, escalations and reminders so the team can focus on operational goals.
  • Extract IOCs and TTPs from previous attacks and coordinate with other teams to reduce incident recurrence.
  • Use open source and internal information to gather knowledge on recurring threat actors.

For additional information: our team uses Splunk, CrowdStrike and Microsoft E5 (Defender, MCAS, eDiscovery); ideally you have experience with these tools or an equivalent.


Qualifications:

Education & Experience

  • Bachelor's in Computer Science, Cyber Security or IT, or a college degree in a related discipline;
  • Previous experience in a Security Operations Center is a plus.
  • Experience with one or more of: threat hunting, digital forensics, incident response and corporate investigations.

Knowledge & Skills

  • Knowledge of one or more of:
    • SIEMs: query expertise (logical operators AND, OR, NOT; filtering; time bounding; wildcards; regexes)
    • Endpoint AV and EDR: inspecting process trees, registry modifications and network activity
    • Digital forensics tools: forensic capture, disk image analysis, memory analysis
  • Knowledge of threat actor TTPs and typical attack methods as defined in MITRE ATT&CK.
  • You know where malware hides, how it evades detection, how to find it, how to remove it and how to prevent reinfection.
  • Experience in remediating large security incidents such as data breaches, ransomware, cryptocurrency miners and insider threat activity.
  • Demonstrated motivation through involvement in the security community: personal projects, certifications, participation in CTFs, a home security lab or keeping up to date on security trends;
  • English is required, both oral and written.


Additional Information:

While the team operates under a follow-the-sun coverage model and not on a 24/7 rotation or night shift basis, on rare occasions you may be called to assist with resolving major incidents outside of standard working hours.

Due to the nature of incident response, you will be working in a fast-paced environment and must be efficient at prioritizing multiple critical incidents.

Skills and competencies show up in different forms and can be based on different experiences; that's why we strongly encourage you to apply even if you do not have all the requirements listed above.

At Ubisoft you can come as you are. We embrace diversity in all its forms. We're committed to fostering a work environment that is inclusive and respectful of all differences.

Ubisoft is a leading creator, publisher and distributor of interactive entertainment and services, with a rich portfolio of world-renowned brands including Assassin's Creed, Just Dance, Tom Clancy's video game series, Rayman, Far Cry and Watch Dogs. The teams throughout Ubisoft's worldwide network of studios and business offices are committed to delivering original and memorable gaming experiences across all popular platforms, including consoles, mobile phones, tablets and PCs.


Remote Work:

No

Employment Type:

Full-time
