Cybersecurity Operations Specialist

Overview

Remote
On Site
USD 79,157.68 - 131,929.47 per year
Full Time

Skills

Information Systems
Malware Analysis
Log Analysis
Security Engineering
Database
Leadership
Use Cases
Intrusion Detection
Policies and Procedures
Collaboration
SAP BASIS
Management
Quality Assurance
Workflow
Documentation
Onboarding
Training
Continuous Improvement
Brand
Internal Control
Auditing
Incident Management
Cyber Security
Certified Ethical Hacker
Finance
Health Care
Orchestration
Event Management
Open Source
Network
Threat Analysis
Scripting
Data Loss Prevention
Cloud Computing

Job Details

This role offers a hybrid work schedule, with the flexibility to work remotely two days a week and the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.
Overview:

Ensures the integrity and resilience of the organization's security and information systems through the identification and investigation of potential threats using complex analysis on Cybersecurity monitoring tools and responds to confirmed security threats.

Primary Responsibilities:
  • Characterize and analyze complex network traffic using analysis techniques such as contextual analysis, anomaly detection, and network traffic analysis, to identify anomalous activity and potential threats to network resources and provide proactive recommendations to maintain or improve security posture.
  • Complete dynamic malware, threat, and log analysis in coordination with past incident analysis data and/or current or emerging threat analysis and provide recommended remediation efforts.
  • Identify opportunities for tuning and development of rules, alerts, and correlation logic for security systems and tools to share with security engineering that will strengthen the security of the organization.
  • Immediately partner with incident response team when identifying suspected imminent or hostile intentions or activities that could impact the organization's objectives, resources, or capabilities.
  • Maintains comprehensive documentation and logs of security threats, analysis, responses, and procedures in incident tracking and solution database that can be utilized to debrief senior Cybersecurity leadership.
  • Assist in development of technical documents, incident reports, findings and use cases from intrusion artifacts, log summaries and other discovered data to the team and team leader(s).
  • Collaborate with cybersecurity teams and governance team to regularly review and refine policies and procedures, utilizing insight from internal incident data and emerging threats.
  • Actively engage in cross-functional collaboration with manager, specialists, and incident response team to review and determine next steps for identified potential threat and suspected incidents.
  • Actively seeks out opportunities for professional growth and utilizes emerging threat trends to inform recommendations for new security practices, tools, and techniques.
  • Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
  • Perform QA related activities for CSOC analysts to monitor accuracy, completeness, and adherence to established workflows and procedures.
  • Maintains comprehensive documentation on training efforts and works to further CSOC maturity by conducting onboarding training, as well as other various training programs to foster a continuous improvement environment.
  • Promote an environment that supports diversity and reflects the M&T Bank brand.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.

Scope of Responsibilities:
  • Partners with manager, peers, and incident response team.
  • Leverages Standard Operation Procedures to perform advanced analysis of security events. Work is reviewed for accuracy and overall quality.
  • Intermediate knowledge of all networks, user, and end-point monitoring tools.
  • Advanced understanding of multiple network, user, or end-point monitoring tools.
  • Train analyst to intermediate level knowledge of network, user, and end-point monitoring tools.
  • Second highest individual contributor escalation point in team.

Education and Experience Required:

  • Partners with manager, peers, and incident response team.
  • Leverages Standard Operation Procedures to perform advanced analysis of security events. Work is reviewed for accuracy and overall quality.
  • Intermediate knowledge of all networks, user, and end-point monitoring tools.
  • Advanced understanding of multiple network, user, or end-point monitoring tools.
  • Train analyst to intermediate level knowledge of network, user, and end-point monitoring tools.
  • Second highest individual contributor escalation point in team.

Education and Experience Preferred:
  • Intermediate Cybersecurity certifications (e.g., CySA+, CEH).
  • Prior experience working in a highly regulated industry (e.g., finance, healthcare, government).
  • Intermediate knowledge of digital evidence preservation concepts.
  • Basic understanding of security orchestration, automation, and response.
  • Intermediate proficiency with security information and event management tools.
  • Intermediate ability to use anti-virus software and endpoint detection and response tools.
  • Advanced ability to use open-source intelligence concepts.
  • Basic ability to use network packet analyzers.
  • Basic knowledge of threat intelligence concepts.
  • Intermediate ability to collect artifacts and document incidents.
  • Basic knowledge of scripting languages.
  • Intermediate ability to logically identify and analyze protection opportunities in data loss prevention and cloud access security broker tools.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $79,157.68 - $131,929.47 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.

Location
Buffalo, New York, United States of America