Senior Analyst, Cyber Security Operations

AECOM is seeking a Senior Cyber Security Analyst for our Global Cyber Security Operations Centre (CSOC). This will be a remote/virtual position that can be based from a variety of locations in Canada and the United States with specific requirements to cover North America time zone hours.

This role will be an integral part of a high performing team providing triage and response services as part of a "follow the sun" model. He/she will be responsible for partnering with members of IT in various global regions for incident containment and remediation.

Periodically the analyst will also be expected to liaise with the organization's IT and security leadership in support of security OR business project(s) with security implications. These projects typically target expansion or improvements to CSOC capabilities or new AECOM business development.

The ideal candidate for this role is a seasoned professional with a broad level of experience in multiple areas of IT and a strong emphasis on Cyber Security. This includes awareness of current security risks, threats and targeted attack methods, techniques and tactics. In addition, we are seeking someone who has experience with technical investigations using contemporary event correlation and endpoint investigation technology. Finally, the candidate should possess strong analytical skills and have an inherent passion for seeking knowledge, sharing knowledge and continuous process improvement.

MAJOR TASKS AND RESPONSIBILITIES MAY INCLUDE:

• Monitor and analyze alerts from various sources in the incident queue.

• Identify false positive alerts and suggest appropriate tuning to stop any reoccurrence.

• Accept responsibility for ongoing incidents handed off from the previous shift.

• Communicate status of new and ongoing incidents that are handed off to the following shift.

• Manage and maintain playbooks and runbooks, both manual and automated; make recommendations for improvements.

• Analyze phishing emails submitted for review. Research and document malicious emails and provide data for clean-up and email purge to the appropriate email teams.

• Identify and analyze systems exhibiting suspicious or malicious behavior.

• Collect and analyze volatile forensic data to confirm or rule out malicious or attacker activity.

• Perform threat & malware analysis and research.

• Follow up and determine root cause of incidents.

• Produce written reports to management after large scale incidents.

• Provide recommendations post-incident to mitigate failed security controls.

• Mentoring and knowledge sharing with local and global CSOC team members.

Qualifications

Minimum Requirements:

• Bachelor degree in Cyber Security, Computer Science, or similar, and at least 6 years of relevant IT / IS experience, or demonstrated equivalency of experience and/or education.

• Must be able to work one on-call weekend approximately every 6-8 weeks.

• Solid understanding of the Windows operating system, registry, security configurations, services, processes, etc.

• English oral/written communication skills.

• Ability to pass a background check.

• Able to work well on a virtual team without close Supervision.

• Ability to cover North America time zone hours

Preferred Qualifications:

• Experience working with a global company and team.

• Current security industry certifications preferred (GIAC, SC2, EC-CounciI, etc).

• Strong analytical and problem-solving skills,

• Strong interpersonal and customer service skills.

• Experience with built-in OS shell commands and 3rd party command line tools.

• Familiar with general IT security best practices and controls.

• Familiarity With Linux/Unix systems.

• Strong familiarity with various networking & infrastructure components, and how they interact.

• Experience with cloud computing.

Additional Information

• Due to the remote nature of this position, relocation assistance is not available

• Sponsorship for relevant country work authorization is not available for this position, now or in the future.

Offered rate of compensation will be based on individual education, qualifications, experience, and work location. The salary range for this position typically is $120,000 - $170,000. Please note that this role can be based anywhere in the United States and compensation data will vary in each location, including higher or lower than the stated range

AECOM is proud to offer a comprehensive benefits program to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, U.S and global well-being programs, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

About AECOM

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.