Sr Analyst Cyber Security Operation Center
Who We Are:
Saks is a world-renowned luxury ecommerce destination. The company’s unique approach combines a focus on the digital customer experience with a strong connection to a network of extraordinary stores that extends that seamless experience into the real world.
On its website and app, Saks offers an unparalleled selection of curated merchandise across fashion for women and men, beauty, jewelry, home décor and more. In addition to the shopping experience, customers come to Saks for inspiring editorial content, access to digital stylists, lifestyle experiences and other world-class services. The company is currently in the midst of a dramatic expansion, driven by significant enhancements to its platforms and offerings, with the goal of becoming the preeminent destination for luxury internationally.
Saks is looking for a Cyber Security Operation Center (CSOC) Tier 3 Analyst to help stand up a greenfield SOC. We seek a team player with SOC experience who understands the importance of collaboration. Did you grow up on the internet, movies, books, and video games, creating strategies and working systems to win against your opponents? Are you looking for a role that protects people from the bad guys? As a Tier 3 Analyst, you will guide and help build the CSOC and its team (a hybrid model of internal and external partners), which is focused on protecting our operations, our clients and their valuable data. This position will guide and mentor the team and actively lead and participate in the investigation, identification, reporting and response to cyber threats. You will coordinate resources during incident response efforts, assist with classifying security events, develop remediation guidance, support documentation and reporting deliverables (reports, analysis, storytelling with data), assist with system security compliance and vulnerability management, and do whatever it takes to respond to security incidents with a team attitude.
- Provide security monitoring and incident response of cyber security events in a highly available SOC that supports internal and external customers
- Maintain 24x7x365 situational awareness of the Saks cyber-threat landscape as it relates to security monitoring, leveraging our SIEM, our MDR partners, our Slack channels and other alerting sources
- Help build and design the optimal 24x7 world class Cyber Security Operations Center for Saks
- Be willing to be on-call for incident response and incident remediation
- Be called upon to provide input for continuous improvement in operations, technology and standard operating procedures
- Respond to cyber security tickets (JIRA) and provide analysis and trending of log data from security devices as well as various security tool portals
- Monitor and analyze Security Information and Event Management (SIEM) alerts, a shared vendor dashboard, and log data to identify security issues for remediation and investigate events and incidents
- Provide mentorship to Cyber Security Operations Center Analysts
- Apply knowledge of SIEM (Sumo Logic), SQL, CrowdStrike, CyberArk, threat intelligence and SOC operations
- Work across departments to improve the security posture and performance of systems using security tools
- Tune rules and adjust and monitor thresholds to improve the fidelity of alerts and minimize false positives
- Prepare succinct analysis and results to brief management and stakeholders
- Provide Incident Response support when analysis confirms actionable incident
- Investigate, document, and report on information security issues and emerging trends
- Provide proactive threat hunting to detect incidents, both independently and in conjunction with external partners
- Willingness and ability to help engineer the SOC
- Mentor junior staff, peers, partners and interns
- Experience as a Senior Security Analyst/Tier 2/3 guiding and mentoring a team
- Significant experience with Security Operations Center, network event analysis, and/or threat analysis
- Significant real world experience working as an Incident Responder
- Knowledge of various security methodologies and technical security solutions
- Experience working with legal, GRC, external clients, external parties such as MSSPs or MDRs and Pentest consultants
- Experience analyzing data from cybersecurity monitoring tools
- Ability to analyze endpoint, network, and application logs
- Experience tuning and/or configuring EDR, SIEM, and vulnerability tools
- Knowledge of common Internet protocols and applications
- Scripting experience in Linux shell, PowerShell, Python and/or SQL, plus familiarity with XML, desired (Terraform and AWS experience a bonus)
- You have excellent attention to detail and accuracy
- An ability to write standard operating procedures that are relevant, clear and precise
- Strong organizational and time management skills; you're comfortable context and task switching between multiple incidents and investigations
- You show initiative, accountability and are always looking for ways to solve problems
- With excellent communication skills, you're able to build strong business relationships beyond the infosec team
- You’re comfortable working in a complex environment in ambiguous situations
- Bachelor’s degree in Computer Science, Information Technology, or equivalent experience
- Legal right to work in the United States
- Must be fully vaccinated against COVID-19 and, if hired, present proof of vaccination prior to beginning employment.
Your Life and Career at Saks Fifth Avenue
- Be part of a world-class team; work with an adventurous spirit; think and act like an owner-operator
- Exposure to rewarding career advancement opportunities, from retail to supply chain, to digital or corporate
- A culture that promotes a healthy, fulfilling work/life balance
- Benefits package for all eligible full-time employees (including medical, vision and dental)
- Amazing employee discounts