|Preferred GIAC Certifications||GCFE,GFCA,GNFA|
|Contact Name||Tina Machovina|
The Lubrizol Corporation, a Berkshire Hathaway company, is a market-driven global company serving customers in more than 100 countries. We own and operate manufacturing facilities in 17 countries, as well as sales and technical offices around the world. Through our global sales and manufacturing networks, we are able to deliver the products and services our customers need, where and when they need them.
At Lubrizol, our mission is straightforward: We improve lives as an essential partner in our customers’ success, delivering efficiency, reliability or wellness to their end users.
Lubrizol is currently seeking a Cybersecurity Forensic Analyst to join our Cybersecurity team. This is an exciting role if you're able to dig beyond the surface to find insider threats, participate in cybersecurity incident responses, and execute legal e-discovery requests. Ideally, this position would be based near one of our facilities, and you must reside in the United States.
Serve as a subject matter expert within an incident response team to conduct forensic examinations of systems in the deconstruction of cybersecurity attacks, performing iterative analysis processes to ensure effective containment, mitigation and recovery can be managed and accomplished by the incident response team to ensure that the determination of initial attack vectors, tactics and tools used, scope of attack, and extent of compromise are fully determined to the degree possible.
Develop expertise in Lubrizol’s security tools to conduct internal investigations brought forward and approved by the business.
Communicate findings, assumptions and theories effectively to assist in the incident response process.
Serve as an escalation resource and mentor for Security Operations Center (SOC) analysts for advanced analysis.
Conduct data/evidence gathering, documentation and handler activities during incidents and investigations ensuring sound forensic practices.
Document the critical tools and sources of information necessary for investigations and incident response efforts, monitor to ensure they are operating as intended, and notify appropriate parties when problems are identified.
Conduct threat hunting activities through proactive analysis of log, network and system data including system image analysis to identify threats and ensure mitigation measures are effective.
Identify and incorporate applicable indicators of compromise (IOCs) and cybersecurity threat intelligence to aid in the investigation and mitigation of cybersecurity attacks.
Support IT administrators and cybersecurity personnel to ensure successful incident response practices and business system recovery.
Provide recommendations for improvements to internal SOC processes and procedures based on experience and operational insight.
Perform or participate in penetration testing.
Work with IS to identify and implement best practices for IT security.
Understand and evaluate cybersecurity trends and risks, stay up to date on information technology trends and security standards, and provide cybersecurity insights and act as an information security advocate to the business.
Qualifications & Experience
Computer Science, related 4-year degree, or equivalent experience
3+ years of experience in forensic analysis, cyber threat intelligence and/or offensive security practices, or other similar role
Experience creating advanced and detailed queries, such as regular expressions, for log, event and correlation analysis.
Experience with Security Information and Event Management (SIEM) systems, including analysis and incident workflow development processes.
Experience with a broad array of cybersecurity tools and technologies with the ability to navigate management consoles to extract necessary investigative information as well as to assist in the configuration to enable detection and prevention as part of the response process.
Broad knowledge and experience with varieties of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.
Knowledge of cloud technologies and email systems necessary to conduct analysis of cybersecurity attacks in a variety of environments and platforms.
Experience with the identification and analysis of vulnerabilities and attacker exploit techniques.
Experience training and mentoring others on advanced technical topics such as log and traffic analysis and intrusion detection.
Knowledge and experience with security access administration systems and processes.
Knowledge and experience with a wide variety of technologies from network, servers, endpoints, IoT, etc.