Lead D&R Analyst - remote

Posted 3 years ago

ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind and value for our customers. We do this with a combination of the industry’s best technology and the world’s best people. As a result of our team’s tireless effort and dedication, we’re growing at a staggering rate. ACV is attracting new people from widely different backgrounds and geographies who are invested in the genuine belief that we are creating something special.   

ACV Auctions is looking for a Lead Detection and Response Analyst. A Lead Detection and Response Analyst is responsible for evolving D&R team and practice maturity across practice areas. They must be proficient and able to be accountable for at least 2 practice areas. They are responsible for providing 2nd and 3rd tier support to relevant partners and staff and for maturing D&R processes. They will be a seasoned specialist that is capable of leading and coordinating other individuals and teams during an active incident and day-to-day operations. They are also responsible for facilitating root cause analysis, high-level incident reporting and collaborating to resolve root cause. The Lead of D&R will provide support and answers for complex Alerts or bugs within the D&R framework and system. The Lead will be responsible for working with the Program Manager to determine work that needs to be done to fulfill and evolve the capabilities of a practice area and then make sure that work is assigned and completed.

Responsibilities: 

- Day-to-Day program coordination.
- Day-to-Day resource coordination.
- Management and executive reporting.
- Financial/budget and resource planning.
- Instrumentation design and automation.
- Manage 3 practice areas.
- Can handle Security Alerts and provide Incident Response services independently, it's not expected someone knows everything but this person should be able to identify what needs to be answered to solve a Security Incident. The L4 should know how to "get" those answers.
- Able to Develop Process(s), comfortable writing tools and services in code along within documentation repositories. Much of the "coding" will happen in a SOAR tool but likely there will be scripts that use API's and process Json.
- Specific area of interest and Detection / Response: APT attackers? Phishing? Persistence? IDS/IPS - this is the persons craft they should aim to create a roadmap for this lane and ways to develop ACVs ability in that category.
- Contribute to the development and improvement of Security Monitoring and Incident Response processes and solutions as required to support our Cybersecurity program.
- Able to work with vendors and run PoC's, QBR's and keep roadmap up to date with what's new in our key vendors areas.
- Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with it's application to the business.
- Extrapolation of IDS/IPS (Intrusion Detection System/Intrusion Prevention System) and SIEM (Security Information Event Management) monitoring alerts defining potential attack vectors.
- Able to take new findings ("what's in the news") and attack vectors and apply them to ACV - proactive detection and remediation of new exploits.


Required Knowledge &Skills:

- Minimum Five (5) years of prior hands-on experience in Cybersecurity or Information Technology discipline.
- Real world experience using modern Security tools in a Cybersecurity program (SIEM, AV, Firewall, IDS, IPS etc).
- Working experience on a SOC, Blue/Red/Purple Team (handled Security Alerts in some environment).
- Security Certifications (i.e. Security+, CISSP, CEH, SANS, etc.).
- Participation in Hack-A-Thons or Community Style Tech Events.
- Experience as a Threat Operations team member, Security Researcher, Cyber Threat Researcher, or Cyber Crime investigator.
- Bachelors degree in Cyber Security, Computer Science or Relevant Work Experience.
- IR Program, Process and Playbook development.
- In-depth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIDS), as well as, detection capabilities and other practices / solutions for securing digital environments, to include packet flows / TCP &UDP traffic, firewall and proxy technologies, anti-virus, Intrusion Detection/Prevention Systems and other host-based monitoring, email monitoring and spam technologies, etc.
- The ability to analyze the content of data and captures from sources such as networks, hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations.
- Experience with Threat Hunting.
- Experience with IOC Enrichment and Analysis.
- Experience with Log Analysis, Event Correlation, Incident Management Procedures and Systems.
- Prior experience leveraging common scripting languages (PowerShell, Bash, Python) to parse logs, and automate repeatable tasks.
- Experience with SOAR platforms or "playbook" driven Detections and Responses.
- Understanding of TCP/IP Networking including knowledge of Protocols and Services.
- Understanding of what Information or Assets are of value to Threat Actors and how Organizations are Breached and Customer Accounts Compromised.
- Program development.
- Strategic planning.

ACV Auctions is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.