Senior Cybersecurity Analyst (Minneapolis, MN; Denver, CO; Salt Lake City, UT) at Dorsey Whitney LLP
Salt Lake City, UT 84111, USA
Full Time


Start Date

Immediate

Expiry Date

13 Aug, 25

Salary

96,000

Posted On

14 May, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Oracle, Active Directory, Powershell, Scripting Languages, Cyberark, Sailpoint, Python

Industry

Information Technology/IT

Description

We are seeking a Senior Cybersecurity Analyst in our Firm-wide Information Systems department. In this role, you will be primarily responsible for the health, operational effectiveness, and efficiency of the monitoring, detection, response, and incident response functions within the Firm’s information security program and systems. You will provide advanced (third-level) troubleshooting of security events, incidents, and infrastructure events, and communicate the status of ongoing security incidents, metrics, and other trends to leadership.

REQUIRED TECHNICAL SKILLS (MINIMUM OF SIX):

  • Two years of Microsoft Sentinel (Azure) SIEM administration experience (or similar SIEM experience).
  • Two years of Microsoft Defender for Endpoint administration experience (or similar EDR).
  • Two years of Microsoft Defender for Servers administration experience (or similar EDR).
  • Two years of Microsoft CASB administration experience (or similar CASB).
  • Two years of Identity and Access Management tool administration experience: Microsoft Entra ID and Microsoft Active Directory (or SailPoint, CyberArk, Oracle).
  • Advanced Windows and Linux operating system skills.
  • Advanced HPE Intrusion Detection System administration skills (or similar SD-WAN IDS skills).
  • Proficiency in scripting languages such as PowerShell and Python, and skill in using KQL.
Responsibilities
  • Understand Dorsey core business activities and deploy information security solutions specialized to protect these activities.
  • Maintain the operational effectiveness and efficiency of Information Security tools such as enterprise Syslog servers, Intrusion Detection and Prevention Systems (IDS/IPS), Microsoft Sentinel SIEM, CASB, and other security tools: keep systems and versions at current releases, maintain backups, and partner with Infrastructure teams as appropriate.
  • Implement, deploy, maintain, and monitor the SIEM, IDS/IPS, CASB, XDR/EDR agents, and the Syslog servers feeding the SIEM, along with other security monitoring solutions, to ensure the health, completeness, and effectiveness of security monitoring.
  • Create new SIEM detections aligned with the MITRE ATT&CK framework and recommend SIEM, CASB and other security tool improvements to leadership. Lead the team in researching and leveraging intelligence sources to improve security alert, event, and incident detection and response capabilities.
  • Lead the security team to maintain and improve secure and resilient cloud and on-premises monitoring processes, and procedures, including the Incident Response Plan, IR playbooks, Operations playbooks, communications plans, threat hunting, SOC metrics, KPIs, and service level objectives for security events and incidents.
  • Automate repetitive tasks within the SOAR environment, using ML/AI where appropriate, to drive efficiencies and free the team to focus on more advanced tasks.
  • Refine, update, and maintain playbooks, policies, procedures, Information Security Standards and Guidelines and align with industry best practices.
  • Coordinate activities and escalations with Dorsey Information Security’s managed security service providers (MSSPs).
  • Examine log source data across endpoints, databases, applications, identity management, networks, mobile devices, and cloud, and provide expert analysis of logs, malware, and other malicious activity on Firm systems.
  • Recommend adjustments to security tool configurations to minimize false positives. Provide recommendations for improving monitoring, logging, identity management, data protection, detection, and preventative controls.
  • Work with platform or business owners to identify security improvements, and to drive the monitoring and remediation efforts that require attention after security assessments.
  • Maintain strong partnerships with security engineering, incident response, infrastructure, and IT teams to improve monitoring, workflow, and response capabilities.
  • Serve as third-level triage support for cybersecurity and information security event and incident response tickets, mentor junior Security Operations Center (SOC) staff, and lead the handling of the more difficult security alerts, events, and incidents.
  • Participate in rotating after-hours, weekend, and holiday on-call schedule for escalation of security issues.
  • Assist with security standards and security configuration baseline and updates for systems and business applications.
  • Serve as a member of the information security change management team.
  • Attend and participate in regular technical and non-technical project and implementation meetings, and serve as the security consultant who helps guide secure application and infrastructure configurations, provides information security oversight, and ensures that policies, procedures, and standards are met.
  • Assist internal and external auditors with compliance and risk assessments as needed.
  • Upon request, work with the SOC Manager to report on the state of the SOC to the Information Security Director and stakeholders.
  • May be requested to perform other analyst duties not listed above.