SANS ISC: InfoSec Jobs

This listing has expired and therefore is not publicly viewable.

Cybersecurity Forensic Analyst

Company: Lubrizol
Location: North East Ohio or United States
Preferred GIAC Certifications: GCFA, GCNA
Travel: 5%
Salary: Not provided
Contact Name: LaMarques Greenwood
Contact Email: LaMarques.Greenwood/at/
Expires: 2021-08-21

Job Description

The Lubrizol Corporation, a Berkshire Hathaway company, is a market-driven global company serving customers in more than 100 countries. We own and operate manufacturing facilities in 17 countries, as well as sales and technical offices around the world. Through our global sales and manufacturing networks, we are able to deliver the products and services our customers need, where and when they need them.
At Lubrizol, our mission is straightforward: We improve lives as an essential partner in our customers’ success, delivering efficiency, reliability or wellness to their end users. Read the cover story in Smart Business Magazine to learn how Lubrizol plans to advance its growth.

The Security Operations Center at Lubrizol has an opening for a Cybersecurity Forensic Analyst. This is a senior-level technical analyst role that is relied upon to conduct extensive system forensics as part of both cybersecurity incident response and insider threat investigations. If you have experience developing strategies to combat cyber attacks and leading incident response teams, this might be the role for you.

## Essential Job Functions

* Serve as a subject matter expert within an incident response team to conduct forensic examinations of systems in the deconstruction of cybersecurity attacks. In doing so, define and lead iterative analysis processes so that effective containment, mitigation and recovery can be managed and accomplished by the incident response team, and so that the initial attack vectors, tactics and tools used, scope of attack, and extent of compromise are determined to the degree possible.
* Develop expertise in Lubrizol's security tools to conduct internal investigations brought forward and approved by the business.
* Communicate findings, assumptions and theories effectively to assist in the incident response process.
* Serve as an escalation resource and mentor for SOC analysts for advanced analysis.
* Conduct data/evidence gathering, documentation and handler activities during incidents and investigations, ensuring sound forensic practices.
* Document the critical tools and sources of information necessary for investigations and incident response efforts, monitor to ensure they are operating as intended, and notify appropriate parties when problems are identified.
* Conduct threat hunting activities through proactive analysis of log, network and system data, including system image analysis, to identify threats and ensure mitigation measures are effective.
* Provide sound technical recommendations that help enable remediation of security issues.
* Identify and incorporate applicable indicators of compromise (IOCs) and cybersecurity threat intelligence to aid in the investigation and mitigation of cybersecurity attacks.
* Support IT administrators and cybersecurity personnel to ensure successful incident response practices and business system recovery.
* Provide recommendations for improvements to internal SOC processes and procedures based on experience and operational insight.
* Work with IS to identify and implement best practices for IT security.
* Understand and evaluate cybersecurity trends and risks.
* Perform or participate in penetration testing.
* As part of a global information security team, provide insight and recommendations to leadership.
* Stay up to date on information technology trends and security standards.
* Provide cybersecurity insights and act as an information security advocate to the business.
* Other information security activities as needed.

## Critical Competencies

* Demonstrated effectiveness in working independently, establishing priorities and managing task completion within deadlines that are responsive to the urgency of incident response requirements.
* Able to communicate effectively through writing, speaking, and presenting to fellow team members.
* Team player capable of supporting fellow teammates.
* Expert knowledge of network traffic analysis, threat detection, and advanced threat tactics, techniques and procedures (TTPs).
* Expert experience in cybersecurity event analysis, intrusion detection, security operations, and forensic analysis tools and processes.
* Strong interpersonal skills.
* Strong IT process discipline.
* Sound decision making, proactive/creative problem solving and strategic thinking skills.
* Must be able to interact across geographical regions and the broader organization.
* Responsive to internal stakeholders.

## Required Qualifications

### Education / Certifications:

* Computer Science or related 4-year degree

* 3+ years of experience in forensic analysis, cyber threat intelligence and/or offensive security practices, or other similar role
* Experience creating advanced and detailed queries, such as regular expressions, for log, event and correlation analysis.
* Experience with Security Information and Event Management (SIEM) systems, including analysis and incident workflow development processes.
* Experience with a broad array of cybersecurity tools and technologies, with the ability to navigate management consoles to extract necessary investigative information as well as to assist in configuration that enables detection and prevention as part of the response process.
* Broad knowledge and experience with a variety of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.
* Knowledge of cloud technologies and email systems necessary to conduct analysis of cybersecurity attacks in a variety of environments and platforms.
* Experience with the identification and analysis of vulnerabilities and attacker exploit techniques.
* Experience training and mentoring others on advanced technical topics such as log and traffic analysis and intrusion detection.
* Experience quickly learning and understanding complex environments, independently reaching stretch goals, and continually improving knowledge and capabilities.
* Experience taking on complex and difficult problems, formulating a path forward, and executing steps that demonstrate meaningful progress.
* Strong interpersonal networking skills.
* Knowledge and experience with security access administration systems and processes.
* Knowledge and experience with a wide variety of technologies: network, servers, endpoints, IoT, etc.

## Work Environment

* Minimal travel expected to global operational sites (a couple of trips per year).

### Work Hours:

* M-F, 1st shift or as needed to address critical incident response activities.

### Physical Demands:

* General office-type activity.

## Lubrizol Benefits

* Visit for more information
* Competitive salary with performance-based bonus plans
* 401K Match plus Age Weighted Defined Contribution Plan
* Competitive medical, dental & vision offerings
* Health Savings Account
* Paid Holidays, Vacation, Parental Leave

While headquartered in the United States, Lubrizol is truly a global specialty chemical company. We have a major presence in five global regions and do business in more than 100 countries. Our corporate culture ensures that Lubrizol is one company throughout the world, but you will find each region is a unique place to work, live and play.

Lubrizol is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to sex, race, color, national origin, citizenship, age, religion, marital status, military service, sexual orientation, genetic information, gender identity, or any other characteristic or trait protected by federal, state, or local law.

Nearest Major Market: Cleveland
Nearest Secondary Market: Akron
Job Segment: Information Systems, Computer Science, Cyber Security, Information Security, Technology, Security