Job Description
We apply that same compassion and empathy as we work with each other and our local communities. Genworth values all perspectives, characteristics, and experiences so that employees can bring their full, authentic selves to work to help each other and our company succeed. We celebrate our diversity and understand that being intentional about inclusion is the only way to create a sense of belonging for all associates. We also invest in the vitality of our local communities through grants from the Genworth Foundation, event sponsorships, and employee volunteerism.
Our four values guide our strategy, our decisions, and our interactions:
- Make it human. We care about the people that make up our customers, colleagues, and communities.
- Make it about others. We do what's best for our customers and collaborate to drive progress.
- Make it happen. We work with intention toward a common purpose and forge ways forward together.
- Make it better. We create fulfilling purpose-driven careers by learning from the world and each other.
POSITION TITLE
CSIRT Analyst
POSITION LOCATION
Richmond, VA; Lynchburg, VA; Remote
YOUR ROLE
The successful candidate will be a member of the client's Computer Security Incident Response Team (CSIRT), responsible for monitoring, investigating, and responding to events generated from various systems, seeking anomalies in user and endpoint activity, continuously improving the detect and respond capability of the organization, and maintaining awareness regarding current and developing threats. Team members recommend and oversee enhancements to the Security Information and Event Management (SIEM) system and the use of threat intelligence, lead incident response activities throughout the organization, and act as a point of escalation for incidents.
What you will be doing
- Monitors for, investigates and responds to alerts generated by multiple network, server and client security controls
- Researches system events, generated by many sources, to identify and investigate unwanted or malicious activity
- Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguishes these incidents and events from benign activities
- Determines tactics, techniques, and procedures (TTPs) for intrusion sets
- Performs incident triage to include determining scope, urgency, and potential impact; identifies the specific vulnerability and makes recommendations that enable expeditious remediation
- Identifies opportunities, designs and implements rulesets and other control configurations to increase likelihood of identifying unwanted or malicious activity
- Tracks, documents, and escalates incidents through the entire incident response lifecycle (from initial detection through final resolution)
- Engages, directs and/or leads others in investigating and responding to potential incidents
- Adheres to and maintains incident response procedures for CSIRT and other technology teams
- Determines appropriate course of action in response to identified and analyzed anomalous network activity
- Performs event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Performs trend analysis and reporting
- Performs content development for CSIRT tools, such as dashboards, rules, and searches
What you bring
- Bachelor's Degree in Information Technology or Security discipline and at least 3 years work experience in a network, infrastructure, or information security environment
- Knowledge of basic system administration, network, and operating system hardening techniques
- Knowledge of how network services and protocols interact to provide network communications
- Knowledge of incident response and handling methodologies
- Knowledge of practices for analyzing suspicious email
- Knowledge of network traffic and packet analysis methods
- Ability to interpret and incorporate data from multiple tool sources
- Knowledge of common network tools (e.g., ping, traceroute, nslookup, etc.)
- Knowledge of system and application security threats and vulnerabilities
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
PREFERRED QUALIFICATIONS
- Skill with SIEM and other security event correlation tools (QRadar, Splunk, Sentinel, etc.)
- Knowledge of Regex
- Knowledge or experience with cloud platforms
- Scripting or programming experience (e.g. Python, PowerShell, Golang, etc.)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Knowledge of different classes of attacks
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Knowledge of common adversary tactics, techniques, and procedures
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
- Knowledge of network security monitoring tools (Zeek, Snort, etc.)
- Knowledge of malware analysis concepts and methodology
RELEVANT CERTIFICATIONS
- GSEC, GCIA, GCIH, GCFA, GNFA, GCTI, GPEN, Security+, CySA+, EnCE, CISSP, CEH, OSCP
Employee Benefits & Well-Being
Genworth employees make a difference in people's lives every day. We're committed to making a difference in our employees' lives.
- Competitive Compensation & Total Rewards Incentives
- Comprehensive Healthcare Coverage
- Multiple 401(k) Savings Plan Options
- Auto Enrollment in Employer-Directed Retirement Account Feature (100% employer-funded!)
- Generous Paid Time Off - Including 12 Paid Holidays, Volunteer Time Off and Paid Family Leave
- Disability, Life, and Long Term Care Insurance
- Tuition Reimbursement, Student Loan Repayment and Training & Certification Support
- Wellness support including gym membership reimbursement and Employee Assistance Program resources (work/life support, financial & legal management)
- Caregiver and Mental Health Support Services
Date Posted
08/12/2023