IT Security Analyst, Tier III

Company URL:

W.R. Berkley Corporation is comprised of 60 businesses alongside Berkley Technology Services (BTS) and other shared services groups.

Here at Berkley Technology Services the core of our success is our people. Our teams bring their own unique perspective and experiences which enables us to translate the needs of our business to deliver adaptable secure solutions while providing an unmatched user-focused experience.

Our tagline Thoughtful Minds Empowering Possibilities was crafted with our own teams in mind. At BTS our teams thrive in Berkleys decentralized model - leveraging the power of being part of a long standing heritage brand with extensive expertise while innovation and being entrepreneurial is encouraged.

Internally we operate as a relatively flat organization valuing communication and feedback. We pride ourselves in an open-door policy where no one is treated differently based on title fostering a culture of trust transparency and engagement.

Mission (what we stand for): We Believe in the value of every voice Translate needs into capabilities & Secure the future of Berkley.

Vision (where were going): Be the foundation of Berkley through adaptable solutions resilient environments and an unmatched experience.

Come join us as we push forward into the future of industry leading technological solutions.

The Tier III Security Analyst - SME position is assigned to the Security Operations Team. The primary purpose of this position is to be force multiplier to proactively identify investigate respond contain and report on cyber incidents by using pattern recognition data sets communication forensics and analytics. This position involves leadership duties and responsibilities that must continue to be performed during crisis situations and contingency operations which may necessitate extended hours of work.

• Demonstrated leadership in directing and conducting research efforts including prior experience as lead Investigator.
• Strong background in computer/network security concepts and technologies including extensive knowledge of enterprise security operations and computer network vulnerabilities and exploits.
• Experience writing technical reports and presenting results to leadership.
• Identify deficiencies in security posture and develop administer and participate in action plans to address these gaps.
• Experience in managing large-sized projects/programs across multiple disciplines and/or teams.
• Advanced-level understanding of business risk and how to properly advise a customer through critical situations
• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms Perform general SIEM monitoring analysis content development and maintenance
• Conduct and drive incident response activities such as host triage and retrieval malware analysis remote system analysis end-user interviews and remediation efforts
• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to leadership
• Track threat actors and associated tactics techniques and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors
• Analyze malicious campaigns and evaluate the effectiveness of security technologies
• Provide forensic analysis of network packet captures DNS proxy Netflow malware host-based security and application logs as well as logs from various types of security sensors
• Conduct and provide computer forensic analysis of system memory and disk images
• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources as well as cutting-edge security technologies
• Hunt for and identify threat actor groups and their techniques tools and processes
• Identify gaps in IT infrastructure by mimicking an attackers behaviors and responses
• Provide analytic investigative support of large scale and complex security incidents
• In depth understanding of cloud service providers (CSP) security offerings
• Understanding of and ability to perform malware reverse engineering
• Effective at utilizing sandbox technologies to detonate malware samples
• Provide Person in Charge (PIC) coverage when on rotation.

• Strong understanding of Lockheed Martins Kill Chain (preferred)
• In depth knowledge of MITRE ATT&K matrix (preferred)
• Advanced understanding of networking concepts and ability to analyze network artifacts
• Effective communication across technical silos
• 6-10 years of actual work-related experience in the field of Information Security
• Experience with SIEM solutions (preferably Splunk or similar tool) search language techniques alerts dashboards report building and creation of automated log correlations.
• 6-10 years of relevant cybersecurity experience in IT Security Incident Response or network security with a strong knowledge working in a SOC
• The ability to write well and convey information to the intended audience in an easily understood manner
• Bachelors Degree in Computer Science Information Technology Information Systems or a related discipline. Equivalent experience and/or alternative qualifications will be considered.
• One or more relevant industry cybersecurity certifications preferred (GCIA GCIH GREM CEH etc.)

The Company is an equal employment opportunity employer.