Center 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Cyber Security Operations Center (CSOC) - (Fusion) Analyst
The Cyber Security Operation Center Fusion team synthesizes multi-source security alerting, intrusion investigations, cyber intelligence, and business information into actionable analysis.
The Fusion team provides this time-sensitive analysis to empower fellow CSOC operators defending the network and to empower leadership to make informed decisions confronting cyber threats.
The associate will be a technical team leader proactively identifying threats, and working across the SOC CSOC operations with contextualized tactical intelligence, driving cross-team initiatives to improve detection and security, conducting internal threat landscape analysis, and finding innovative new ways to automate analysis.
The associate in this role will also mentor and train associates to execute fusion analysis responsibilities.
General Responsibilities :
Support day-to-day cybersecurity threat detection and incident response operations through indicator pivoting, campaign analysis, and tactical intelligence
Identify and enhance processes where automation has the potential to improve efficiencies, provide actionable data, and facilitate collaboration across CSOC
Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows
Deconstruct multi-source reporting into actionable intelligence including Tactics, Techniques, and Procedures TTPs data objects, campaign analysis, and threat patterns.
Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository
Develop expertise on the Capital One threat landscape using internal data, threat trends, and operational metrics to clearly communicate the Capital One threat landscape to senior executives, to include the Chief Information Security Officer and Chief Information Officer.
Proactively build and maintain relationships with partner teams, including but not limited to Cyber Intelligence, Red Team, Insider Threat, and Hunt teams.
Conduct time-sensitive analysis during cyber investigations, including active threat hunting, malware analysis, and campaign enrichment
Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk, including blocking of malicious indicators, tuning vendor signatures, and instrumenting custom detection rules
Support the tactical intelligence-to-detection pipeline, to include malware reverse engineering, TTP analysis, and association mapping in a TIP (threat intelligence platform) for future pivoting
Attend conferences and briefings to stay current on threats against both COF and the Financial Services sector
Mentor other CSOC analysts in project execution and tactical upskilling; conduct brown bag lunches to teach specialized skill sets
Basic Qualifications :
High School Diploma, GED or Equivalent Certification
At least 4 years of experience in cyber security or information technology
At least 3 years of experience working in a Security Operations Center (SOC)
At least 3 years of experience analyzing and tracking Advanced Persistent Threats (APT) groups
At least 3 years of experience conducting threat hunting
At least 3 years of experience conducting fusion intelligence analysis
At least 3 years of experience with Threat Intelligence Platforms (TIPs), Security Orchestration, Automation, Response (SOAR) or Security Information and Event Management (SIEM) tools
At least 1 year of malware analysis (static or dynamic) experience
At least 1 year of Tactics, Techniques, and Procedures (TTP) analysis experience
Preferred Qualifications :
Bachelor's Degree
Professional certifications (CompTIA Sec+, CISSP, CEH or SANs)
3+ years of experience creating detection signatures for endpoint, network or cloud platforms
3+ years of experience in a cloud environment (Amazon Web Services, Google Cloud Platform or Microsoft Azure)
3+ years of experience in written and verbal briefings
4+ years of experience with cyber threat intelligence analysis and tactical analysis
3+ years of experience utilizing the MITRE ATT&CK framework, Diamond Model, or Cyber Kill Chain
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting.
Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.
New York City (Hybrid On-Site) : $165,100 - $188,500 for Prin Assoc, Cyber TechnicalSan Francisco, California (Hybrid On-Site) : $174,900 - $199,700 for Prin Assoc, Cyber Technical