Wintrust Financial Corporation Senior SOC Analyst in Rosemont, Illinois

This job was posted by https://illinoisjoblink.illinois.gov. For more information, please see: https://illinoisjoblink.illinois.gov/ada/r/jobs/6282873

Position Overview

The Senior SOC Analyst is directly responsible for computer network defense through the monitoring, triage, and communication of security alerts and events. Analysts will use various tools and technologies to investigate alerts. Furthermore, the Analyst may be required to both monitor and utilize third-party tool-sets in the client environment to assist with the identification of security threats.

Essential Job Functions

+ Perform Tier I/II initial incident triage - Reviews security events that are populated in a Security Information and Event Management (SIEM) system and trouble tickets generated by Tier 1 Analyst(s). Reviews and collects asset data (configs, running processes, etc.) and analyzes a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) on these systems for further investigation, and determines and directs remediation and recovery efforts.

+ Leverages emerging threat intelligence - (IOCs, updated rules, etc.) to identify affected systems and the scope of cyber security incidents. Provides information regarding intrusion events, security incidents, and other threat indications. Conducts threat modeling exercises.

+ Involved in a wide range of network and asset design, maintenance and troubleshooting - including issues involving architectures, firewalls, electronic data traffic, and network access. Designs, tests, and implements secure operating systems, networks, and security monitoring; tuning and management of IT security systems and applications; incident response; digital forensics; loss prevention; and eDiscovery actions. Conducts risk and vulnerability assessments at the network, system and application level.

+ Provide subject matter expertise to the development of cyber operations - Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Assists in the coordination, validation, and management of all-source collection requirements, plans, and/or activities. Assists with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.

+ BS or equivalent with 2 yrs. related experience; or MS with 2 yrs. experience in a technically related field; OR equivalent related work experience.

+ Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.



+ Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.



+ Identify critical target elements, to include critical target elements for the cyber domain.



+ Prepare and present briefings.



+ Write, review and edit cyber-related Intelligence/assessment products from multiple sources.



+ Ability to think like threat actors.



+ Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) required.



+ Computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.) and network traffic analysis methods. Working knowledge of Windows and Linux OS, including experience working in the command line interface. Knowledge of IPS/IDS. Experience managing cases with enterprise SIEM systems (e.g., LCE, ArcSight, Splunk) and other network security tools. Experience reviewing and analyzing network packet captures.

+ Knowledge of information security event monitoring and detection, NID monitoring, and incident response; cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks); attack methods and techniques (DDoS, brute force, spoofing, etc.).

+ Strong research background. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy (a plus, not required).

Wintrust Financial Corporation (Wintrust) is a financial services company based in Rosemont, Illinois, with approximately $30 billion in assets. We engage in the business of providing traditional community banking services, commercial banking, wealth management services, commercial insurance premium financing, life insurance premium financing, mortgage origination, short-term accounts receivable financing, and certain administrative services, such as data processing of payrolls, billing and treasury management services. We provide community-oriented, personal and commercial banking services to customers located in the greater Chicago, Illinois and southern Wisconsin areas through our 15 wholly-owned banking subsidiaries. We provide an engaging, dynamic work environment, an excellent compensation package including 401k, employee stock purchase plan, medical/dental, life insurance and more! Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for