Global Information Security Analyst (Remote)
Job Description
Job Details
What you will do
The Global Information Security Analyst reports to the Manager, Security Engineering - Global Information Security, and is responsible for the administration, maintenance, development and implementation of the GIS organization's security tools.
You will be a passionate information security professional with the ability to communicate with different business and IT leaders. You will demonstrate drive, intelligence, maturity, and energy and will be a proven security analyst. In addition you will:
- Independently implement and support security platforms: Security Orchestration Automation & Response (SOAR), Security Information Event Management (SIEM), Vulnerability Management
- Perform continuous optimization, tuning and monitoring of platforms
- Perform integration of platforms into SIEM, SOAR and/or APIs
- Participate in the design and maintenance of security playbooks
- Troubleshoot issues affecting internal customers of supported platforms
- Maintain on-prem and cloud logging infrastructure, including heavy forwarders and cloud services dedicated to logging to ensure reliability
- Coordinate with IT teams, threat detection teams, and analyst teams to ensure that logging architecture and log feeds are reliably providing quality data to support detection and investigation activities
- Assist in the development and implementation of internal security projects, including writing documentation, providing input, and initial installation and configuration
- Work with Threat Detection team to identify log sources that could be used for detection and enrichment
- Continually improve the organization's security posture through lifecycle management, upgrades, implementation of new features, systems, and processes that are owned by or relate to information security.
This role offers flexibility in working from home even after the pandemic.
How you will do it
Manage SIEM Capabilities (Splunk Enterprise Security)
- Ensure platform is maintained on supportable baselines
- Daily monitoring of the SIEM, log parsing and log onboarding, Application integration, APIs, and overall management of the platform
- Strong analytical and operational background in a diverse variety of big data log sources
Automation Capabilities (SOAR)
- Document security workflows, optimize for automation, recreate in automation tool, and customize code as necessary
- Provide feedback into the security logging and automation platform and processes to decrease threat time to detection and increase Security Operations team efficiency
- Build and test custom and out-of-the-box SOAR integrations using APIs
- Contribute to a DevOps practice for incrementally building and releasing automations to increase SOC productivity
Integration Capabilities
- Develop scripts to retrieve system information, perform actions or deploy packages for Linux, Windows, and Mac systems. PowerShell, VBScript, Linux Bash, and Python skills required
- Support platforms and their respective clients, globally
- Use APIs to create integrations to enable data enrichment and incorporation of threat intelligence sources
What we look for
Required
- Minimum 8 years of information security related and information technology logging analytics experience with a proven history of helping organizations ingest, parse, and make sense of varied, large sets of information.
- Experience with Security Incident and Event Management (SIEM), Endpoint Detection and Response (EDR), and Security Workflow Automation tools.
- Knowledge of Splunk Cloud architecture including using Heavy Forwarders, Deployment Servers, and Splunk Agents.
- Strong analytical and operational background in a diverse variety of big data log sources
- Experience in performing DevOps under an agile model
- Where legally permissible, if hired, candidate is required to be fully vaccinated against Covid-19 no later than his/her start date, unless candidate has a valid medical condition or sincerely held religious belief precluding him/her from receiving the vaccine.
Preferred
- A minimum Bachelor's degree in computer engineering, computer security or computer science discipline or a combination of education and experience as determined by Johnson Controls.
- Strong scripting skills in multiple languages including Python, PowerShell, Bash, XML, SPL, and JSON.
Desired Certifications (but not required):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional Security (CCNP Security)
- Cisco Certified Network Professional (CCNP)
- Server Platform Certifications (Microsoft, Linux)
- CompTIA Security+
Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.
Date Posted
09/22/2022