· Analyze potential security incidents to determine impact/scope of the incident, leading the team through complex analysis and incident response activities.
· Follow and help create Incident Response procedures to perform preliminary log collection and incident investigations, determining the cause of the security incident, containing the threat, and building protections against future infections.
· Interface and drive response/project work forwards with technical personnel and other teams in the ISO as well as the larger organization as required.
· Follow and help create escalation procedures to counteract and contain potential threats.
· Appropriately inform and advise CSOC Director on incidents and incident prevention, while helping to coordinate the Analyst Team and while functioning as site/shift lead(s).
· Drive documentation improvements of CSOC processes/tools/knowledge based upon observations and feedback from the Analyst Team.
· Lead and plan knowledge sharing with Analysts while developing solutions/processes/detections efficiently.
· Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, EDR, Advanced malware detection etc.).
· Help lead the Analyst Team to leverage the toolset to investigate incidents using computer/network forensic techniques to reconstruct events, identify unknown intrusions through use of indicators of compromise, and to identify and track any lateral movement.
· Candidate is expected to help lead interactions with other team members, management, and other IT teams (Workstation, Network, Server, Cloud, etc.).
· Maintain the integrity and security of enterprise-wide cyber systems and networks by coordinating internal team and larger Prudential resources during enterprise triage/incident response efforts.
· Utilize a deep understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats, while using security domain knowledge to improve Prudential’s defenses/detection mechanisms.
· Assist the CSOC Director in briefing the senior management.
· Drive Prudential’s automation and programmatic improvement of cyber response processes forwards.
· Working closely with the Threat Hunting and the Cyber Threat Intelligence teams to operationalize new use cases, detections, and intelligence.
We are looking for someone...
· Bachelor's degree in Information Technology, Information Security, Computer Science, or a related discipline; OR 4 years equivalent direct work-related experience in lieu of a degree
· Experience (5+ yrs.) in a corporate IT environment in addition to a degree
· 3+ years working in Cyber Security Operations, preferably 2+ years working in the higher tiers of SOC.
· Deep understanding of IT Security practices/programs/tooling, with demonstrated examples of driving initiatives forwards.
· Documentation/process experience, in IT, Cyber Security, and a SOC environment.
· Advanced oral and written communication skills demonstrated in an IT or security related area.
· Advanced and in-depth problem solving & analytical skills demonstrated in an IT or security related area, preferable in a SOC/IR environment.
· Deep understanding of networking concepts and tools, demonstrated exposure/expertise a plus.
· Team player that cannot just work with team members and businesses partners around the world in different time zones and with a diverse cultural background while being respectful of local customs, but also help lead said groups.
· Demonstrated passion about the information security field and cyber defense, including commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
· IT Security certifications (e.g., Security+, GSEC, GCIH, GMON, GCTI, GNFA, GCWN, GREM, OSCP, other advanced cyber security certifications, etc.).
· Innovative and willing to raise unique/original ideas.
· Knowledge of Splunk (ES & Phantom) / Splunk certifications a huge plus. Exposure to/knowledge of other SIEM/SOAR tooling a plus.
· Demonstrated previous systems, cloud, endpoint, networking, server, deep knowledge. Administration of said tools/systems a plus.
· Scripting background (Python, Perl, bash, etc.) a huge plus.
· Familiarity with sandboxing solutions and malicious file analysis a plus. Prior work with malware labs/sandboxes a major plus.
· Automation experience a major plus, especially in a SOAR or SOC/IR context.
· Demonstrated exposure to Cyber Threat Intelligence and its operationalization with a security operations environment.
· Business level of Japanese and English is a must. (For Japanese, business level in reading and writing is a must) Fluent in Japanese or English is preferred. Work experience with Japan is very much preferred.
・complete five-day workweek system (No extra work on weekends)
・No extra work after work hours (9:30 a.m. - 5:30 p.m.)
・High salary ( - 16,000,000 yen, negotiable)