- Location: Melbourne, Australia or Remote, Global
AECOM is seeking a Security Analyst for our Global Cyber Security Operations Centre (CSOC). The work location for this position is global and remote with specific requirements to cover the UTC +10 or +11 time zone hours covering the APAC region.
This role is an integral part of a high-performing team providing triage and response services as part of a "follow the sun" model. The analyst will be responsible for partnering with members of IT in APAC and other global regions for incident containment and remediation.
Periodically the analyst will also be expected to liaise with the organization's IT and security leadership in support of security or business projects with security implications. These projects typically target expansion or improvement of CSOC capabilities or new AECOM business development.
The ideal candidate for this role is a seasoned professional with broad experience in multiple areas of IT and a strong emphasis on cyber security. This includes awareness of current security risks, threats and targeted attack methods, techniques and tactics. In addition, we are seeking someone who has experience with technical investigations using contemporary event correlation and endpoint investigation technology. Finally, the candidate should possess strong analytical skills and have an inherent passion for seeking knowledge, sharing knowledge and continuous process improvement.
MAJOR TASKS AND RESPONSIBILITIES MAY INCLUDE:
- Create strong relationships with IT leaders in the APAC region to become a trusted partner in the realm of incident response.
- Accept responsibility for ongoing incidents handed off from the previous shift.
- Communicate status of new and ongoing incidents that are handed off to the following shift.
- Manage and maintain playbooks and runbooks, both manual and automated; make recommendations for improvements.
- Analyze phishing emails submitted for review.
- Monitor and analyze alerts from various sources in the incident queue.
- Identify false positive alerts and create appropriate exceptions to quiet noisy alerts.
- Identify and analyze systems exhibiting suspicious or malicious behavior.
- Collect and analyze volatile forensic data to confirm or rule out malicious or attacker activity.
- Document and research malicious emails from phishing review and provide data for cleanup and email purge to the appropriate email teams.
- Create and edit granular email filter rules to catch current phishing/malware campaigns.
- Document Indicators of Compromise (IOCs) in the threat intelligence database.
- Perform threat and malware analysis and research.
- Perform containment during incident response.
- Follow up and determine root cause of incidents.
- Produce written reports to management after large scale incidents.
- Provide recommendations post-incident to mitigate failed security controls.
- Contribute to procedural methods and documentation.
- Mentor and share knowledge with local and global CSOC team members.