
Data Analyst II - Information Security Metrics and Quality (Hybrid)

Unum

Full-time

Atlanta, GA

Job description

The cybersecurity analyst will support the company's cybersecurity portfolio by leading the technical investigation portion of the SOC and Incident Response program. The role will be the primary point of contact for our Third-Party Security Operations Center (SOC) to escalate alerts, events, and incidents for independent validation and remediation. The role will also involve investigating employee-reported phishing and threat hunting using existing tools.

· Cybersecurity Investigations. Work with the third-party SOC as the primary escalation point to lead Containment, Eradication, and Remediation steps during cybersecurity events and cybersecurity incidents. Triage and investigate phishing emails, and act as the escalation point for phishing emails. Mentor IT staff on performing investigations.

· Azure and Exchange Online reviews and investigations. Review and investigate alerts related to Identity and Access Management (Active Directory and Entra ID). Review and investigate phishing and quarantined emails. Hunt for email forwarding and mailbox rules.

· Recommend improvements for Cybersecurity Controls and Monitoring. Use lessons learned from cybersecurity events, cybersecurity incidents, phishing emails, and vulnerability management to recommend improvements to controls and monitoring. Research threat groups to keep the Cybersecurity Governance, Risk, and Compliance team updated on potential threat actors and their actions. Scan and report on the current attack surface.

· Review and recommend edits to Governance, Risk, and Compliance documents. Work with the Cybersecurity Manager to help update existing policies and procedures by reviewing drafts. Write or review Requests for Proposals for vendors and services. Assist with user awareness training.

· Other duties may be assigned.

· Associate's degree in Information Technology, Cybersecurity, or a related field, or equivalent. Preferred: Bachelor's degree in Cybersecurity, Digital Forensics, Information Assurance, or a related study from an NSA/DHS CAE accredited program.

· Two years in a Security Operations Center showing progression from monitoring and detection to incident response responsibility. Preferred: Hands-on experience using the NIST Computer Security Incident Handling Guide or the SANS Incident Response cycle. Familiar with the Pyramid of Pain, the Cybersecurity Kill Chain, the Diamond Model of Intrusion Analysis, and MITRE ATT&CK.

· Windows System Administration. Linux System Administration. Email Administration. Writing and Editing. Knowledge of the Cybersecurity Incident Response process. Valid passport for international travel. Preferred: Scripting experience in PowerShell or Python for automating tasks. Understanding of the Incident Response life cycle. Technical skills gained in a Security Operations Center or Incident Response role.

Job Type: Full-time

Pay: From $68,000.00 per year

Schedule:

  • 8 hour shift
  • Day shift

License/Certification:

  • Driver's License (Preferred)

Ability to Commute:

  • Sterling Heights, MI 48314 (Required)

Willingness to travel:

  • 25% (Preferred)

Work Location: In person