
## Senior Cybersecurity Analyst

First Eagle Investment Management, LLC, New York, New York, US, 10261

* Locations: New York
* Time type: Full time
* Posted on: Posted 5 Days Ago
* Job requisition ID: JR100884

**Who we are looking for:**

First Eagle is seeking a Senior Cybersecurity Analyst. The successful candidate is responsible for leading the design, implementation, and continuous improvement of cybersecurity controls and monitoring systems. This role involves advanced threat detection, event investigations, incident response, vulnerability management and ensuring compliance with regulatory and organizational security standards. The Analyst will serve as a technical expert, helping to safeguard the confidentiality, integrity, and availability of enterprise systems and data.

**What you will do:**

Threat Monitoring & Incident Response

* Lead proactive monitoring of security events and alerts using SIEM and EDR tools
* Investigate, analyze, and respond to cybersecurity incidents and breaches
* Function as the secondary responder to the MSSP for security incidents, ensuring timely escalation and support coverage during nights, weekends, and on a 24/7 basis when operationally required
* Coordinate incident response and forensics efforts across IT and business units
* Develop and maintain incident response playbooks and procedures
* Work with the SIEM solution to improve log analysis and correlation, and build dashboards to show alerting and security posture
* Execute and improve the core functions of incident response including threat detection and prevention, incident response, systems and network security monitoring, forensics and vulnerability management at enterprise scale
* Review alerts and data from systems and respond appropriately, including documentation and escalation
* Ensure the monitoring of intrusion detection and security information management systems to discover and mitigate malicious activity on networks if any is detected
* Develop tactical response procedures for security incidents
* Recommend and implement mitigating actions to contain incident related activity
* Act as point-person for investigations of security violations through endpoint and network forensics
* Review computer security incident reports and anomalous network activity and ensure ongoing proactive measures to mitigate risks

Risk Management & Vulnerability Assessment

* Conduct regular vulnerability scans, penetration testing coordination, and remediation tracking. Coordinate with internal IT engineers to prioritize patching efforts
* Work with third party penetration testing providers to review FEI environments
* Assess emerging threats and propose strategies to mitigate risks
* Maintain and report on the organization’s risk posture and security KPIs

Security Architecture & Governance

* Administer and optimize various tools including Endpoint Detection, SIEM, IDS/IPS, Data Classification, anti-virus and anti-malware systems
* Advise on secure design principles for infrastructure, applications, and cloud environments
* Attend threat intelligence calls and updates with the current Managed Security Service Provider; assist in managing the relationship and services with our MSSP
* Review and enhance cybersecurity policies, standards, and procedures
* Ensure compliance with frameworks such as NIST, ISO 27001, CIS Controls, and regulatory mandates (e.g., GDPR, SOX, SEC, FINRA)
* Responsible for building and maintaining Information Security metrics, reports and dashboards working with the CISO and other IT teams as required; dashboards may include but are not limited to vulnerability management, phishing, and 3rd party risk and incident response metrics

Security Awareness & Training

* Responsible for administering the cyber security awareness training program for all employees
* Administer and maintain third-party phishing simulation platform

Operational Management

* Produce and maintain regular written and in-person communications regarding pertinent security activities
* Produce and maintain procedures and policies pertaining to the information security program and its technologies
* Actively work with department technical and business colleagues to ensure optimal security solutions for the business needs

**The qualities you should have:**

* Undergraduate degree in computer science, engineering or related field and/or 5+ years working in a security operations center or information security related department
* 5+ years' experience of using SIEM and EDR tools to build alerts and dashboards
* CISSP or CISA preferred
* Previous experience in the financial services industry is a plus
* Strong hands-on experience with SIEM and vulnerability tools, Endpoint Detection and Response Tools for incident response
* Experience with and strong understanding of:
+ Administering Data Loss Prevention tools
+ IT security regulations and best practices
+ IT audit frameworks like COBiT, ITIL and NIST
+ Hardening applications and OSs including Windows and Linux
+ TCP/IP, LAN, WAN and endpoint security technologies
+ Malware/Sandboxing/Advanced Threat Protection
+ Visio

* Security certifications preferred (e.g., SANS, ISC2, ISACA and EC-Council)
* Cloud security specific certification preferred (e.g., AWS, GCP, Cloud+)
* Proven analytical and problem-solving abilities
* Strong interpersonal, written, and oral communication skills
* Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency and stressful situations
* Able to conduct research into issues and products as required; keen attention to detail
* Highly self-motivated and directed
* Experience working in a team-oriented, collaborative environment

Salary range: $150,000 to $190,000. In addition, this role is eligible for an annual incentive bonus. Compensation may vary based upon, but not limited to, the individual's skills, experience, qualifications, and internal equity.

We value our people and offer a broad range of benefits. We provide generous paid time-off, medical/dental/vision healthcare plans, 401(k) retirement and profit-sharing plans, a flexible/hybrid work environment, “dress for the day” flexible work attire, and many more great benefits. For more information, please refer to our .

*First Eagle Investments and their affiliates and subsidiaries, including First Eagle Alternative Credit and Napier Park Global Capital, is an Equal Opportunity Employer. Equal Employment Opportunity has been, and will continue to be, a fundamental principle at First Eagle, where employment is based upon personal capabilities and qualifications without regard to race, color, religious belief, including dress and grooming practices, sex, sexual orientation, gender identity, gender expression, age, national origin, marital status, citizenship, disability, veteran status, pregnancy, breastfeeding or medical conditions related to breastfeeding, status as a victim of domestic violence, sexual assault, or stalking, or any other basis protected by applicable federal, state or local law, genetic information or characteristics (or those of a family member), or any other protected characteristic as established by law.*

At First Eagle, clients come first, always. To deliver on this commitment, we nurture an environment that attracts, develops, and retains a talented, inclusive workforce. We also aim to inspire each of our employees to do their life’s best work with us and for our clients. We have built a culture that promotes inclusion and respect, and holds every member of the organization to the highest standards of integrity and accountability.