The S&P Global CIRT team is looking to hire an Incident Response Analyst/Threat hunter to be part of the Global CIRT Team.
As a CIRT Analyst you will be responsible for the detection and containment of Cyber Incident events effecting S&P Global.
As the Threat Hunter it will be your responsibility to build create methodology, and work on developing a mature threat hunting program which will focus on
finding anomalies and gaps in the security posture, recommend and implement solutions to eliminate them.
The ideal individual will have 2-3 years of incident response experience, enjoys staying on the cutting edge of the cyber world, can function independently and part of a global team.
* Experience with forensic tools (encase, ftk, open source) * Understanding and familiarity with SEIM products, Qradar, Splunk, Elk * Understanding of cyber security exploits and vulnerabilities. * Understanding and familiarity with penetration testing tools. * Understanding of Red team/Blue team activities * Familiarity with Mitre Att&ck Framework
* Develop and participate in threat hunting activities within Incident Response. * Triage responses to cybersecurity events and conduct forensic analysis when required * Work closely with S&P Global SOC team to remediate events. * Recommend Process improvements. * Drive efforts towards the containment of threats and the remediation of the environment during or after an incident * Understand the threat landscape through collaboration with the Threat Intelligence team and other stakeholders * Support incident response activities * Build an understanding of key S&P technology, systems, and business practices
* Passion for security * Working knowledge of common attack vectors and penetration techniques * Demonstrated experience handling security events in critical environments * Advanced knowledge of network protocols and operating systems * Experience analyzing system and application logs to investigate security and operational issues * Demonstrated experience utilizing a SIEM in investigating security issues * Strong knowledge of current enterprise detection and monitoring technologies and processes * Minimum 3 years of information security experience * Minimum 2 years focused on incident response, red team, or threat hunting activities * Ability to work in an \"on call\" status as necessary * Organization skills with the ability to multi-task and identify priorities, work with cross-functional global teams, and execute on schedule * Ability to communicate to a technical and non-technical audience. * Excellent report writing and presentation skills * Comfortable working in a fast-paced, exciting environment * Understanding of Cloud concepts AWS, Azure, Alibaba * Understanding of Cloud concepts AWS, Azure, Alibaba
* Experience in the financial services industry * Experience with digital forensics and data acquisition. * Coding/Scripting in any major language (.NET, Java, Python, Ruby, PowerShell * Windows and Linux administration tools and concepts * Prior SEIM Experience * Understanding of the MITRE ATT&CK Framework
To all recruitment agencies: S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: