Principal Cyber Security Operations Center (Incident Response)

Capital One
McLean, Virginia
Jun 18, 2021
Jun 29, 2021
Full Time
Center 2 (19050), United States of America, McLean, Virginia

With team members in McLean, VA, and Nottingham, UK, the Cyber Security Operations Center Response team at Capital One investigates cyber security concerns, implements containment and eradication as needed, and coordinates recovery. The associate in this role will respond to cybersecurity incidents that have the potential to impact the confidentiality, integrity, or availability of Capital One information assets.

General Responsibilities:
  • Support day-to-day cybersecurity threat detection and incident response operations
  • Understand technology infrastructure and operational processes in order to enable a more effective incident response process
  • Communicate deep technical security threat & operations awareness across the Cyber division, to include the CISO and CIO
  • Maintain incident response playbooks, processes and workflows, and tools
  • Identify and enhance processes where automation has the potential to improve efficiency
  • Coordinate with and support the Cyber Incident and Event Management team during incidents and other high priority matters
  • Coordinate with various Information Security Officer teams in clarifying security risks, and roles and responsibilities related to ongoing Incident Response cases
  • Provide support to operational & cybersecurity strategy development
  • Provide guidance and direction on best practices for the protection of information
  • Maintain updated knowledge of best practices in Cybersecurity Operations and Incident Response processes to identify and recommend new technologies and/or processes with the potential to enhance operations
  • Utilize industry recognized frameworks such as NIST 800-61 to perform and document work activities, and to preserve evidence

Basic Qualifications:
  • At least 3 years of experience in a Security Operations Center or supporting an Incident Response Team
  • At least 2 years of experience in Network Security and Security Perimeters
  • At least 2 years of experience with TCP/IP protocol analysis
  • At least 2 years of experience with packet capture devices, syslog, netflow and application performance management
  • At least 2 years of experience with cyber threat analysis

Preferred Qualifications:
  • Bachelor's Degree in Computer Science, Information Systems, Engineering or similar fields
  • AWS Certified Security, GCFE, GCFA, GNFA, or GREM
  • Experience using EnCase, FTK Imager, or Magnet Axiom
  • Experience using Volatility for memory analysis
  • Experience performing static malware analysis

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.