Principal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst

Center 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst

The Cyber Security Operation Center Fusion team synthesizes multi-source security alerting, intrusion investigations, cyber intelligence, and business information into actionable analysis.

The Fusion team provides this time-sensitive analysis to empower fellow CSOC operators defending the network and to empower leadership to make informed decisions confronting cyber threats.

The associate will be a technical team leader proactively identifying threats, and working across the SOC CSOC operations with contextualized tactical intelligence, driving cross-team initiatives to improve detection and security, conducting internal threat landscape analysis, and finding innovative new ways to automate analysis.

The associate in this role will also mentor and train associates to execute fusion analysis responsibilities.

General Responsibilities :

Support day-to-day cybersecurity threat detection and incident response operations through indicator pivoting, campaign analysis, and tactical intelligence

Identify and enhance processes where automation has the potential to improve efficiencies, provide actionable data, and facilitate collaboration across CSOC

Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows

Deconstruct multi-source reporting into actionable intelligence including Tactics, Techniques, and Procedures TTPs data objects, campaign analysis, and threat patterns.

Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository

Develop expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics to clearly communicate the Capital One threat landscape to senior executives, to include the Chief Information Security Officer and Chief Information Officer.

Proactively build and maintain relationships with partner teams, including but not limited to Cyber Intelligence, Red Team, Insider Threat, and Hunt teams.

Conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment

Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk, including blocking of malicious indicators, tuning vendor signatures, and instrumenting custom detection rules

Support the tactical intelligence-to-detection pipeline, to include malware reverse engineering, TTP analysis, and association mapping in a TIP (threat intelligence platform) for future pivoting

Attend conferences and briefings to stay current on threats against both COF and the Financial Services sector

Mentor other CSOC analysts in project execution and tactical upskilling; conduct brown bag lunches to teach specialized skill sets

Basic Qualifications :

High School Diploma, GED or Equivalent Certification

At least 4 years of experience in cyber security or information technology

At least 3 years of experience working in a Security Operations Center (SOC)

At least 3 years of experience analyzing and tracking Advanced Persistent Threats (APT) groups

At least 3 years of experience conducting threat hunting

At least 3 years of experience conducting fusion intelligence analysis

At least 3 years of experience with Threat Intelligence Platforms (TIPs), Security Orchestration, Automation, Response (SOAR) or Security Information and Event Management (SIEM) tools

At least 1 year of malware analysis (static or dynamic) experience

At least 1 year of Tactics, Techniques, and Procedures (TTP) analysis experience

Preferred Qualifications :

Bachelor's Degree

Professional certifications (CompTIA Sec+, CISSP, CEH or SANs)

3+ years of experience creating detection signatures for endpoint, network or cloud platforms

3+ years of experience in a cloud environment (Amazon Web Services, Google Cloud Platform or Microsoft Azure)

3+ years of experience in written and verbal briefings

4+ years of experience with cyber threat intelligence analysis and tactical analysis

3+ years of experience utilizing the MITRE ATT&CK framework, Diamond Model, or Cyber Kill Chain

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting.

Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.

New York City (Hybrid On-Site) : $165,100 - $188,500 for Prin Assoc, Cyber TechnicalSan Francisco, California (Hybrid On-Site) : $174,900 - $199,700 for Prin Assoc, Cyber Technical