Endpoint Security Analyst – Detection And Response (Remote)

At the American Cancer Society, we're leading the fight for a world without cancer. Our employees and 1.5 million volunteers are raising the bar every single day. We actively seek candidates from diverse backgrounds including communities of color, the LGBTQ community, veterans, and people with disabilities. The greater the diversity of our people, the better we can serve our communities.

Position Description

*This is a remote position; candidates from all US geographies will be considered.*

JOB SUMMARY

Remote position- The Endpoint Security Analyst– Detection and Response – position within the ACS (American Cancer Society) will be an entry-level position under the guidance of the Cybersecurity Detection and Response Manager. Conduct host-based defensive cyber operations using endpoint detection and response (EDR) products and anti-malware tools, and other endpoint security controls. This position will collaborate with IT colleagues and Security on vulnerability remediation efforts and incident response on all ACS workstations and mobile devices. The ideal candidate is a go-getter with exceptional analytical and problem-solving skills, flexibility, good judgment, and the capacity to work within a team to stand up and develop cybersecurity capabilities.

MAJOR RESPONSIBILITIES

Security Governance:

• Contribute to the development and establishment of IT Security Program governance documentation.
• Will collaborate with members in IT to ensure that operating systems, hardware, and software is in alliance with CIS control 4.
• Collaborate with IT Security and Compliance team senior colleagues to assist with the implementation of the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) and related security controls.
• Provide input to security program reporting on information risk Key Performance Indicators (KPIs), Key Control Indicators (KCIs), and Key Risk Indicators (KRIs)
• Will collaborate with members in IT to ensure that all ACS-owned assets are in alliance with ACIS control 1
• Perform control assessment to ensure effectiveness and compliance with IT Security program controls.
• Provide security guidance to legal and business stakeholders on contractual agreements with third parties and recommend information security terms and conditions to be included based on American Cancer Society security policy, compliance obligations, and third-party risk.

Vulnerability Management:

• Design and provide vulnerability management metric reports to management and stakeholders as necessary.
• Continuous assessment of identified vulnerabilities and collaboration with other teams for remediation.
• Serve as point of contact for ACS vulnerability management scanning tools with workstation vulnerabilities.
• Send and receive notifications to the SMEs (subject matter experts) of vulnerabilities within the environment.
• Assess the probability and potential impact of vulnerabilities and risks introduced by business operations. Develop mitigation plans of appropriate security controls as needed.
• Prioritize vulnerabilities discovered along with remediation timeline(s)
• Develop communication channels with technology owners and businesses to evangelize the evolving threat landscape.
• Participate in collecting, assessing, and cataloging threat indicators.

Detection and Response:

• Will serve as a point of contact for XDR/Antivirus solutions on endpoints.
• Coordinate with senior members of the IT Security team during an incident to ensure a comprehensive and systematic response to and escalation of security incidents within the ACS environment.
• Will work with the GRC team on remediation strategies after a Cyber Incident occurs.
• Prepare a clear and detailed written report to be delivered to ACS leadership and key stakeholders summarizing cyber security incidents and actions ACS took in response.
• Monitor alerts and investigate by pivoting between various data sources, correlating events, searching for indicators of compromise.
• Will serve as a primary contact for the Service Desk Team and other Endpoint related security matters.

Position Requirements

EDUCATION/CERTIFICATIONS

• CISSP, CCSP, GCIH, GIAC/SANS, or Other relevant certifications is a plus.
• Bachelor's Degree in Information Security or Computer Security or comparable years’ experience.
• Minimum 1-3 years of information security, or IT operations experience.

PREFERRED SKILLS AND EXPERIENCE

• Independent problem-solving experience
• Skilled at analyzing IT/VM/IR data sets using tools such as Excel or Power BI and presenting in a meaningful, digestible format for leadership teams.
• Demonstrate a real passion for team technology solutions design and delivery.
• Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure and incident response situation
• Some experience with automation/SOAR
• Hands-on experience with Trend Vision One, Crowd Strike, or similar technology
• Strong attention to detail, data accuracy, and data analysis
• Some experience with automation/SOAR
• Self-motivated and operates with a high sense of urgency and a high level of integrity.
• Ability to work in a fast-paced setting.
• Hands-on experience with Rapid 7, Qualys and/or competing Vulnerability Management solutions.
• Experience utilizing Cyber Threat Intelligence to perform Threat Hunting
• Excellent communication (written and oral) and interpersonal skill
• Proactive and self-motivated mindset
• Must be technical proficient and willing to learn new technologies.
• Demonstrated ability to manage multiple workstreams simultaneously.
• The ability to learn and apply new concepts quickly.

The starting rate is $54,400 to $68,000 per year. The final candidate's relevant experience/skills will be considered before an offer is extended. Actual starting pay will vary based on non-discriminatory factors including, but not limited to, geographic location, experience, skills, specialty, and education.
Position Requirements: