Analyst (Tier 2) - Cybersecurity Operations

Sysco is the global leader in selling, marketing and distributing food products to restaurants, healthcare and educational facilities, lodging establishments and other customers who prepare meals away from home. Its family of products also includes equipment and supplies for the foodservice and hospitality industries. With more than 71,000 colleagues, the company operates 333 distribution facilities worldwide and serves approximately 700,000 customer locations. For fiscal year 2022 that ended July 2, 2022, the company generated sales of more than $68 billion.

• Technical writing experience including Standard Operating Procedures, Runbooks/Playbooks, Incident Response Plans
• Support training development with both analysts and tabletop exercises
• Assist or lead the effort in Tool configuration and content creation
• 2-4 years of experience on one of the following teams: Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Degree in Computer Science, Information Technology, or equivalent work experience
• Experience supporting Cyber Security Operations in a large enterprise environment
• Experience with Incident Response, analysis of network traffic, log analysis, ability to prioritize and differentiate between potential intrusion attempts and false alarms, managing and tracking investigations to resolution
• Experience with SIEM & Log Management solution
• Familiarity with one of the following: NIST Incident Response Lifecycle, Cyber Kill Chain, Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) Metrics
• CCNA Security, GCIA, GCIH, CYSA+, Security+ or other related security certifications
• At minimum there must be one active security certification
• Experience with one or more of the following tools: Qradar SIEM/Cortex XSOAR, SentinelOne, Proofpoint Email, Azure Suite, Zscaler

Cybersecurity SOC Tier 2 analyst must be able to do the following:

• Correlate threat data from various sources to establish the threat/impact against the network
• After assessment of the data, recommend appropriate countermeasures, facilitating tracking, preliminary handling of investigations, and reporting of all security events and computer incidents
• Remediation actions and apply lessons learned to security incident investigation and resolution
• Perform monitoring, identification and resolution of security events to detect threats through analysis, investigations and prioritization of events based on risk/exposure
• Develop processes which analyzes data, producing accurate, meaningful, easily interpreted results based on user requirements and use cases
• Develop processes which align with enterprise incident response activities and coordinate closely with other teams within the Security Operations Center
• Create custom tool content to enhance capabilities of security operations teams
• Manage the collection, documentation and research of security events generated by the SOC monitoring platform and infrastructure
• Provide support to Security Incident Management aligned with NIST standards