Sr. Lead Cybersecurity Analyst

Overview

Welcome to the Cybersecurity Incident Response & Operations team (CSIRT) at Chick-fil-A. We are a dedicated group focused on identifying and responding to cyber threats against our organization. As a Senior Lead Cybersecurity Analyst, you will apply your technical experience to help build and maintain capabilities around monitoring, detecting, and responding to cybersecurity threats, serving as a technical lead and subject matter expert on the team, and helping shape our team's efforts across the business.

Our Flexible Future model offers a healthy mix of working in person and virtually, strengthening key elements of the Chick-fil-A culture by fostering collaboration and community.

Responsibilities

• Triage and respond to security events and incidents from various sources, primarily coordinating with your peers through our SOAR platform.
• Partner with groups outside of Cybersecurity on triage and response efforts as needed for security events and incidents.
• Identify and propose new technologies, methodologies, and/or approaches to detecting malicious activity.
• Collaborate with peers on threat hunting and data analytics strategy and capabilities.
• Contribute to the maintenance of a SIEM solution through defect fixes, content updates, and new use-case development.
• Contribute to the maintenance of a SOAR solution through content updates and new use-case development.
• Contribute to the maintenance of anti-phishing preventative platforms through new detection and triage rule development.
• Collaborate with external security partners on detection and response to cyber threats.
• Research threat landscape and trends to adapt our capabilities to keep pace with malicious actors.
• Provide investigation findings to relevant business units to help improve cybersecurity posture.
• Identify and conduct operational intelligence analysis to identify process and capability improvement opportunities for the CSIRT team.
• Represent CSIRT team's perspective and objectives in consultant-like collaborative efforts with Cybersecurity peers and colleagues in DTT.
• Participate in threat modeling collaboration with other members of the cybersecurity team.

• Strong understanding of cybersecurity principles, practices, and technologies.
• Proficiency in using security tools such as SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and anti-phishing platforms.
• Experience in threat hunting, incident response, and forensic analysis.
• Knowledge of networking protocols, operating systems, and cloud environments.
• Familiarity with programming languages like Python, PowerShell, or scripting for automation.
• Ability to analyze security events, incidents, and trends to identify threats and vulnerabilities.
• Strong problem-solving skills to investigate and resolve complex cybersecurity issues.
• Aptitude for researching and staying updated on the latest cybersecurity threats and trends.
• Strong communication skills to articulate technical concepts to non-technical stakeholders and present findings to business units.
• Flexibility to adapt to evolving cybersecurity threats and technologies.

• Experience with Palo Alto Cortex XSOAR
• Experience with Splunk Enterprise Security
• Experience with Sublime Security
• Experience with DataDog
• Experience with AWS Cloud Services
• Experience detecting and responding to threats in Kubernetes environments.
• OSCP, GSEC, GCED, GCIH, CISSP, GMON