Overview

The System Analyst will join Con Edison's Cybersecurity Operations team. This team implements and utilizes various tools and processes to build, run, and enhance the organization's cybersecurity programs. The System Analyst will contribute to the company's threat management program by developing use cases on our Threat Intelligence Platform (TIP), analyzing threat intelligence, performing impact assessments and investigations, enabling and performing threat hunts, and assisting in attack surface reduction efforts. They will support the Cybersecurity Operations Center (CSOC) through enablement and the development and introduction of new technologies, solutions, and capabilities, as well as provide advanced analysis and support. The System Analyst will also contribute to Purple Team efforts. They will create new and tune existing cybersecurity alerts, as well as lead the onboarding and transition of new alerts and security tools for the CSOC. They will also assist in monitoring trends, scenarios, and the changing threat landscape and will coordinate with the broader Information Security and infrastructure teams to take appropriate actions on both immediate needs and regularly scheduled cadences. The team also has related responsibilities to provide guidance and direction to its counterparts and stakeholders to bolster the overall security posture and capabilities of the organization's cybersecurity program.

Responsibilities

Core Responsibilities

- Create new and tune existing cybersecurity alerts
- Lead the onboarding of and training for new security tools and alerts
- Monitor, assist in troubleshooting, and perform power use functions in a variety of security tools
- Support and, when required, lead incident response efforts and threat detection capabilities
- Enable the CSOC by developing and providing new capabilities and solutions
- Perform blue and purple team functions
- Define, design, and implement strategies to protect against emerging threats using security tools
- Correlate security events to identify threats and implement countermeasures to reduce attack surface
- Develop scripts and tools to automate tedious processes and increase efficiency
- Effectively communicate technical concepts to non-technical audiences
- Provide technical expertise and support to business partners and leadership on cybersecurity threat assessments, development, testing, and implementation
- Implement & operate applicable information security plans, procedures, and control techniques designed to prevent cyber-attacks & events
- Create accurate documentation that provides concise explanations and conveys informative descriptions of findings, including technical explanations/walkthroughs, root causes, impact, and remediation/mitigation strategies
- Collaborate across the organization to build out improvement opportunities
- Monitor cybersecurity threats and vulnerabilities and provide support as necessary to incident response team
- Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required
- Defines, designs, and implements strategies to protect against emerging threats using security tools
- Act as advanced support and escalation for the cybersecurity operations center
- Continuously perform capability enhancements with tools and processes
- Manage and lead information security projects for the cybersecurity operations team
- Hold seats on projects to articulate requirements and build solutions with the project teams
- Continuously implement efficiencies using current toolsets
- Implement advanced alerting and increased visibility using current and new toolsets, automation, and process
- Lead incident responses and events
- Stay abreast of TTPs, global security incidents, industry trends, advisories, publications, research, talks, and other relevant developments
- Develop scripts and tools to automate tedious processes and increase efficiency
- As