IT Cyber Security Senior Analyst

This job is no longer active. View similar jobs.

POST DATE 9/20/2017
END DATE 1/5/2018

Boston Consulting Group Boston, MA

Boston, MA
AJE Ref #
Job Classification
Full Time
Job Type
Company Ref #
Mid-Career (2 - 15 years)
Bachelors Degree


The IT Cyber Security Senior Analyst works with various teams inside BCG (Information Management Team, Global Functions and IT) and with vendors, suppliers, and partners to support the SOC s mission of preventing, detecting, and responding to cyber threats.

The IT Cyber Security Senior Analyst is an experienced position within the CSIRT and has a thorough understanding of the incident response domain, including triage and escalation. This analysts that can work simultaneously on multiple security incidents and security-related problems. The IT Cyber Security Senior Analyst interacts closely with BCG s SIEM and MSSP to detect and understand the current threats against BCG s network, and provides Tier 3 incident response support. These tasks ensure that all cyber security incidents are accessed and communicated to relevant stakeholders in a timely manner.

This includes, but is not limited to:

* Interacting closely with BCG s MSSP identify, assess, and communicate cyber events in a timely manner

* Responding to security event alerts from multiple sources

* Quickly, efficiently, and accurately triaging and escalating cyber events to senior team members.

* Maintaining industry knowledge of SIEM and threat intelligence and its interactions with other technologies, such as Active Directory, Log Management, Ticketing, Information Management, Cloud Services, Devices, etc.

* Collecting, monitoring, and analyzing log data produced by the BCG's System

* Reviewing and preparing monthly status reports and statistics

* Following-up on incidents, issues, and concerns related to security events and data loss

* Providing backup to other BCG Security Architects to audit, monitor and report on the various components of BCG IT security

* Interacting closely with BCG s MSSP identify, assess, and communicate cyber events in a timely manner

* Balance cost, risk, security, user convenience, and business requirements in all aspects of work

Company InformationThe Boston Consulting Group (BCG) is a global management consulting firm and the world s leading advisor on business strategy. We partner with clients from the private, public, and not-for-profit sectors in all regions to identify their highest value opportunities, address their most critical challenges, and transform their enterprises. BCG was founded in 1963 and is a privately owned firm with more than 14,000 employees across 85 offices in 48 countries. Integrity, respect for the individual, delivering value, and making an impact on society are just some of BCG's core values. BCG's commitment to both our clients' success and our own standards is what sets BCG apart as a world-class professional services organization. Join BCG - start your career at a company that is consistently ranked as the leader in its field, and is acknowledged as one of the best places to work.

Basic Job RequirementsJOB REQUIREMENTS:

* Bachelor s degree (or equivalent);

* Minimum of 3 to 5 years of information security experience, with a very strong technical background

* Significant information security and risk management experience in a multinational enterprise

* Demonstrated Threat Hunting and Incident Response experience (from a Consultancy or SOC environment)

* Experience with Security Information and Event Mangement (SIEM) monitoring tools and their use (Splunk, Arcsight, QRadar or similar)

* Security certification like CISSP, CCSP, CEH, GIAC Certified Intrusion Analyst (GCIA) or GIAC Reverse Engineering Malware (GREM) or equivalent a plus

Non-discrimination StatementThe Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable. BCG is an E-Verify Employer. Click here for more information on E-Verify. VEVRAA Federal Contractor

Job ResponsibilitiesUnder the general direction of the Information Security Manager or delegate and working with other IT, BST, etc. throughout the firm, the roles will perform the following functions:
Participate as an integral part of the Security Team and IT in general

* Work closely with CSIRT team people & technology to detect, assess, and communicate cyber threats

* Update the Security Team and other groups on industry trends and recommend initiatives to help lower risk

* Define SIEM use cases to collect, monitor and analyze data to discover and discern trends, threats, and security risks associated with BCG assets and information.

* Recommend and create SIEM rules to protect BCG and BCG client confidential information

* Proactively monitoring and analyze logs via the SIEM for indicators of attack

* Mentoring more junior team members

* With the Information management team, follow-up on incidents, issues, and concerns related to data loss

* Manage incidents related to data loss, producing alerts and escalating issues to appropriate management

* Provide SIEM solutions and support for specific case team and/or project needs and requirements

* Develop and produce operational metrics that demonstrate the effectiveness of controls, quantifies security risks and issues, confirms service levels, tracks incident type and volume

* Apply industry and BCG security knowledge, policy, standards, practices to incident response

* Respond to inquiries related to data loss and inappropriate sharing

Provide input and represent BCG and client interests in the areas of:

* Incident response and investigation

* Incident response management for client security incidents

* Work with IT Directors, Managers, Architects and staff to implement, monitor and maintain Confidentiality, Availability and Integrity of BCG information assets

* Track and manage materials provided to external providers and clients

* Maintain information security credentials and certifications as required to present a credible presence to internal and external audiences

* Develop standard materials in support of BCG Information Security

* Respond to, and to the extent possible, accommodate special requests and requirements

* Track and report on security issues

* All other tasks and responsibilities as requested by manager

Maintain up-to-date knowledge of the cyber security industry as it relates to BCG including:

* Attacker methods and TTPs

* Standards, regulations and legislation.

* Threats and vulnerabilities

* Technologies and solutions

* Industry best practices

* Client requirements and concerns