Security Analyst III
Date: Jun 8, 2021
Location: LAKE FOREST, IL, US, 60045-5201
Company: Grainger Businesses
Grainger is North America’s leading Maintenance, Repair & Operating (MRO) provider, and we are the 10th largest North American e-commerce player, with over 50% of our revenue coming from online transactions. Within the Grainger Technology Group, we use technology to support the ever-changing and dynamic needs of a supply chain carrying 1.5 million products and an employee base of 25,000+, and we are committed to delivering technical solutions that support the business in its mission to stay on top. We deliver technology solutions across the enterprise, including our call centers, branch network, sales, and our various digital channels. The team supports over 1000 applications across the network and operates in an agile environment to deliver complex solutions quickly and seamlessly. The team of 100+ comprises Infrastructure + Operations, Cyber Security, Technology Planning, Architecture, and Engineering, and is built to support the dynamic and ever-changing customer landscape.
Security Analyst III – Cyber Incident Response Team (CIRT)
Our team’s primary mission is to monitor and respond to cyber security events throughout our dynamic, worldwide environment.
Principal Duties & Responsibilities
- Participate as a member of the Cyber Incident Response Team (CIRT) in efforts to protect the integrity, confidentiality, and availability of Grainger information assets.
- Provide real-time monitoring and timely response to alerts and anomalies generated by various security tools.
- Perform deep event analysis and correlation, evaluating and escalating events and incidents based on established escalation procedures.
- Identify and develop new security detection use cases, playbooks, tuning, and alerts for use within our SIEM (Splunk) and our Case Management solution (Splunk / Mission Control).
- Accurately record all cases and interactions in the incident management tracking tool within given SLAs.
- Help standardize documentation for support of assigned systems and applications and help to facilitate understanding and use within various levels of security operations.
- Partner with MSSP/external vendors providing SecOps services to enrich our Splunk environment and respond to alerts 24/7.
- Assist in security project implementation for testing, monitoring, and reporting purposes.
- Contribute to the evaluation of new or updated security solutions and assess impact of security controls to user experience.
- Effectively prioritize and execute tasks in a remote / complex environment.
- Perform special assignments as required.
Preferred Education & Experience
- 3 or more years working in a security operations or cyber incident response role, conducting in-depth investigations using internal telemetry data and open-source information to determine whether a given system or user has been compromised, is required.
- 3 or more years working with traditional security tools, including but not limited to SIEM, AV, EDR, SOAR, IDS/IPS, DLP, etc., is required.
- 7 or more years of IT work experience with broad exposure to infrastructure/network and multi-platform environments is required. Hands-on working experience with most common operating systems, including but not limited to Windows Server, Windows 10, Unix/Linux, Apple OSX, Android, and iOS environments, is required.
- 2 or more years of experience and hands-on working knowledge of Splunk is required. Splunk certifications are a plus.
- 2 or more years of experience with cloud platform technologies (AWS, GCP, Azure, O365) is required.
- Experience with integration between Incident Management Systems (SOAR) and SIEM in an enterprise environment is a plus.
- Experience with the forensic and incident response process, reverse engineering malware, and Red-Teaming is a plus.
- Experience with audit support and response, and regulatory compliance SOX and PCI-DSS is a plus.
- Experience with standard business processes, including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices, is a plus.
- Security certifications (SANS, ISC2, SEI, CFE) are a plus.
- Higher education (Bachelor’s, Master’s, etc.) is a plus.
“Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.”