Security Operations Analyst Lead (remote)

Rosemont, IL, United States

Job Description

Flexible Work Policy: The work for the Security Operations Analyst Lead position is completely 100% remote anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.

RESPONSIBILITIES

  • As an active member of the team, respond to monitoring, identify, and analyze forensics and Indicators of Compromise to plan response to security events while achieving SLAs.
  • Participate in 24x7 On-Call rotations.
  • Participate in incident response procedures, conduct investigations, execute threat containment and eradication tasks, coordinate recovery with IT groups, assess impact with business stakeholders and document incident details in CIRT reports.
  • Develop and maintain SOC documentation, including monitoring dashboards, collect SOC performance metrics, generate incident reporting, response playbooks, processes and procedures, and other supporting operational material.
  • Liaise with other teams within US Foods' Information and Cyber Security team, including Governance Risk and Compliance, Security Engineering, Identity and Access Management, and Application & Cloud Security, as well as business functions to facilitate incident response and recovery.
  • Leverage automation and orchestration solutions to automate repetitive tasks.
  • Collaborate with third party vendors including 24x7 monitoring and incident response managed services.
  • Participate in postmortem exercises with a focus on continuous improvement to drive efficiencies.
  • Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
  • Perform maintenance on security tools and platforms including, firewall policy changes, EDR/AV exceptions, Secure Web Gateway administration, and Microsoft365 security management.
  • Participate in threat modeling collaboration with other members of the security team.
  • Aid in threat and vulnerability research across event data collected by systems.
  • Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
  • Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
  • Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking, to provide effective incident response in a complex heterogeneous environment.
  • Maintain working knowledge of advanced threat detection as the industry evolves.
  • Responsible for adding Firewall rules and providing validation of Firewall rules.
  • Orchestration of Certificate Management best practices to ensure prevention of Certificate related outages.
  • Track team's performance metrics and make recommendations for improvement and growth.
  • Manage On-Call rotations.
  • Track and report on team's training performance against goals. Assess skills and make recommendations to ensure skills growth.
  • Support leadership - provide input to key decision making.
  • Actively promote a culture of continuous improvement. Identify and promote value stream improvements to positively impact SLA performance and efficiency.
  • Ensure continuity of security operations management and maintain SLAs when security operations senior manager is not available.
RELATIONSHIPS
  • Internal: Enterprise Architecture, Technology Strategy, Technology Governance, Business Continuity and Technology Product Teams. Security Engineering, Security Architecture, Threat & Vulnerability Management, and Leaders across the Innovation and Technology Team.
  • External: Technology vendors, including software and service providers; relevant managed security services and professional services vendors.
WORK ENVIRONMENT
  • This role has been segmented as "Remote", meaning the work is performed remotely. Can live anywhere in the continental US and Alaska. Travel as needed for business.
MINIMUM QUALIFICATIONS
  • A minimum of 6 years of information security monitoring and response or related operations experience.
  • Strong mentorship skills and demonstrated ability to teach and promote adoption of new skills and techniques.
  • Metric oriented with a history of compiling reporting of team performance and providing leadership with insight and recommendations.
  • Demonstrated success driving continuous improvement.
  • Familiarity with threat hunting and adversary tactics and techniques (e.g., MITRE ATT&CK).
  • Ability to read and understand system data including security event logs, system logs, application logs and device logs.
  • Security configuration knowledge.
  • Expert-level knowledge of collection and analysis methods in multiple tools utilized for data correlation.
  • Experience working in a support or operations team in a 24x7x365 operational environment.
  • Experience working with security information and event management (SIEM) systems, threat intelligence platforms, security automation and orchestration solutions, and other network and system monitoring tools. Microsoft 365 Defender preferred.
  • Basic administration skills of SASE solutions/Zscaler.
  • Expert-level knowledge in several skillsets such as networking and internet protocols, operating systems (*nix, Win), Active Directory, Cloud (SaaS and IaaS) and scripting (PowerShell, Python, *nix shells).
  • Ability to learn new technologies and skills to stay abreast of evolving threats.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Education
  • Degree from an accredited college/university, institute, OR equivalent professional experience required
Related Experience/Requirements
  • Analytics and problem-solving mindset that balances strategic and tactical thinking.
  • Maintains composure and sound decision-making under high pressure conditions.
  • Highly organized and efficient.
  • Strong written and verbal skills enabling effective communication with different levels of leadership.
  • Change management experience.
  • Equally effective in individual and team settings as required.
Certifications/Training
  • CEH, GCIH, GCFA, GCFE, CSIRT, CISSP, and/or CISM (preferred but not required).
Compensation depends on relevant experience and/or education, specific skills, function, geographic location, and other factors as applicable by law. The expected base rate for this role is between $85,000 - $140,000. This role will also receive an annual incentive plan bonus. Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance.

US Foods

Job Detail

  • Job Id
    JD4402069
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    $85,000 - $140,000 per year
  • Employment Status
    Permanent
  • Job Location
    Rosemont, IL, United States
  • Education
    Not mentioned