Phoenix - AZ, PHX4701A, 4701 E Francisco Dr, 85044-5365
Christine Marie Hill
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
Charles Schwab’s Security & Technology Operations organization is seeking an Information Cyber Security Analyst for the Security Operations Center/Cyber Incident Response Team (SOC/CIRT). The selected candidate will participate in a 24x7x365 team that monitors, analyzes, and responds to information security related threats such as commodity malware, policy violations, and advanced persistent threats. Members of the SOC/CIRT are also tasked with supporting the efforts of the Threat Intelligence, Risk Management, and Forensic teams. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
What you’ll do:
- Work as part of a team of Information Security professionals supporting a global enterprise.
- Triage and respond to concurrent information security incidents reported via SIEM, ticketing system, email, etc…
- Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences.
- Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems.
- Automate manual processes via scripting.
- Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist.
- Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS, and other security technologies.
- Participate in documentation evergreen process to ensure accuracy of documentation critical to the team’s success.
- Work with management to define/update standard operating procedures and response plans.
- Support efforts of Sr. Security Analysts, Team Lead, Technical Directors and/or Management during all phases of the Incident Response process.
What you have:
- 0-2 years Cyber Security Experience Years of professional experience, or equivalent.
- 2+ Years IT Experience Years of professional experience, or equivalent.
- Thorough understanding of computer networking: TCP/IP, routing and protocols.
- CompTIA Network+ or equivalent knowledge/experience required.
- CompTIA Security+ or equivalent knowledge/experience required.
- Detailed knowledge of packet structure and previous experience performing in-depth packet analysis required.
- Thorough understanding of information security best practices and technologies.
- Detailed knowledge regarding the administration, use, securing and exploitation of common operating systems.
- Prior experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required.
- Strong proficiency with Windows and Unix/Linux command line.
- In-depth knowledge of obfuscation techniques used to encode/encrypt malicious traffic/data.
- Familiarity with a standardized incident response framework (SANS/NIST).
- Research and analytical background and an analytical approach; especially with respect to event classification, event correlation, and root cause analysis.
- Scripting experience with Python, Perl, SQL, and/or PowerShell strongly preferred.
- Must be able to react quickly, decisively, and deliberately in high stress situations.
- High level of ethics and core values.
- A strong passion for learning.
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.
- Willingness to participate in shift work and serve as a member of an Incident Response Team (IRT) which may require responding to emergency calls during non-business hours.
- Self-disciplined to ensure completion of shift work with little supervision. Highly motivated individual with the ability to self-start, prioritize, and multi-task.
- BS in Computer Science or equivalent experience.
Preferred but not required.
- SANS GCIH, GCIA, or equivalent industry recognized certifications
- Knowledge of Snort signature syntax and prior experience with signature development
What you’ll get:
- Everyday Wellness: Healthy Rewards, Onsite Fitness Classes, Healthy Choices, Wellness Champions
- Financial Fitness: 401k Match, Employee Discounts, Personalized advice, Brokerage discounts
- Work/Life Balance: Sabbatical, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer
- Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
- Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab.
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.
||English - spoken
|Current Licenses / Certifications:
|Relevant Work Experience:
||IT-Other Specialty Engineering-2-5 yrs
|Position Located In:
||AZ - Phoenix
Activation Date: Wednesday, January 31, 2018
Expiration Date: Friday, June 1, 2018