empty

Cyber Security - Incident Response

Northwestern Mutual

Job Description

Posted on: 
November 24, 2024

Summary and company overview

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

This is a hybrid position at our Milwaukee Corporate Office. Required onsite days are Mon, Tues, and Wed.

What’s the role?

As an Incident Responder on the Threat Detection & Response team, your role will include responding to, investigating, and containing anomalous or malicious activity that could indicate a security threat. You'll be responsible for staying up to date on the latest cybersecurity threats and assisting in the continual development and refinement related to monitoring, detecting, and responding to abnormal network and host activity.

Responsibilities

  • Triage, pivot, and correlate across multiple networks and host-based log sources.
  • Performing analysis of attacker activity in on-premises and cloud environments
  • Proactively hunt for and identify malicious activity in various log sources using threat intelligence and other indicators of compromise.
  • Communicate and collaborate with all areas of the business including executive leadership to educate and inform throughout the incident response lifecycle.
  • Continually improve incident response procedures and documentation.
  • Engage with Detection Engineering and Red Team to identify opportunities to better monitor/detect suspicious behavior and automate response capabilities.
  • Participate in a weekly on-call rotation with other Incident Response team members.
  • Participate in Threat Simulation activities with team members.
  • Keep up to date on evolving cyber threats and identify methods to detect them

Job Requirements

Minimum Qualifications:

  • Bachelor's degree in information security, computer science, or equivalent combination of education, training, and experience.
  • Three or more years in an Incident Response, Security Operations Center (SOC), or equivalent experience.

Desirable Skills:

  • Experience with security tools including SIEM, EDR, AV, CASB, Next-gen Firewalls, and VPN.
  • Experience with forensic, system, and network artifacts.
  • Working knowledge of the MITRE ATT&CK framework and experience with sophisticated threat actor evidence including familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and Tools, Techniques, and Procedures (TTPs)
  • Familiarity with cloud environments and containerization technologies (AWS, Azure, O365, Docker, Kubernetes).
  • Functional and practical experience with at least one development or scripting language/framework (e.g. PowerShell, Python, .Net) and regular expressions.
  • Hold or are willing to obtain certifications such as GCIH, GCFE, GCFA, GDAT, CISSP, or other relevant security certifications.

Additional commentary

NA

Summary and company overview

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

This is a hybrid position at our Milwaukee Corporate Office. Required onsite days are Mon, Tues, and Wed.

What’s the role?

As an Incident Responder on the Threat Detection & Response team, your role will include responding to, investigating, and containing anomalous or malicious activity that could indicate a security threat. You'll be responsible for staying up to date on the latest cybersecurity threats and assisting in the continual development and refinement related to monitoring, detecting, and responding to abnormal network and host activity.

Apply now