EY Senior Endpoint Detection Cyber Analyst in Wichita, Kansas
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Cyber Managed Services – SIGDEV Analyst – Linux/macOS – Senior
EY’s Cyber Managed Services (CMS) Signature Development (SIGDEV) team develops, tests, and documents endpoint and network malicious behavior detection signatures for EY’s Threat Detection and Response (TDR) Managed Service. EY’s TDR Managed Service provides organizations with the people, process and technology coordinated to detect, disrupt, and contain cyber-attacks before business assets are impacted, and where required to respond effectively to scope, contain, and safely restore business operations. The TDR team provides 24x7x365 threat monitoring, triage and analysis for malicious activity wherever digital assets reside; assessing alerts to identify and disrupt malicious activity; hunting for behavioral indications of attacks that have evaded current detection countermeasures; managing and enhancing security technologies to identify attacks better, faster and more accurately; and working collaboratively with client personnel to identify improvements to their cybersecurity plans and programs.
This role operates within the EY CMS team and is responsible for developing, testing, and documenting custom malicious behavior detection signatures that support EY CMS’ mature attack detection and disruption capabilities for EY’s CMS clients. The role focuses on endpoint and network detection signatures, with an emphasis on signatures for the macOS and Linux operating systems.
The role will periodically assist and advise SIGDEV customers on signature selection and implementation, and on interpreting detection results. This position will also help train and mentor SIGDEV team members in developing, testing, and documenting detection signatures.
EY SIGDEV team members possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays cutting-edge relevant by researching new security trends and threats; continuously training; innovating through brainstorming and in lab environments; and sharing knowledge on thought leadership topics with internal teams, clients, and outside stakeholders. Team members work collaboratively using varied communication methods to enhance detection signature effectiveness.
To qualify for the role, you must have
Either 1+ years of documented experience developing detection signatures for Linux and/or macOS, preferably for a mainstream Endpoint Detection and Response (EDR) appliance/application such as Carbon Black; or 2+ years of documented experience in Linux and/or macOS file system investigation, with a demonstrated understanding of how file system artifacts can be leveraged for detection signatures and a desire to develop, test, and document detection signatures
Experience describing user and system file system behaviors orally and in writing
Experience or demonstrated ability to identify potential defender actions when malicious behavior is detected, and to convey them orally and in writing
Demonstrated understanding of the purpose of the MITRE ATT&CK framework and how it can be used to characterize and classify detection signatures
Demonstrated ability to access a shell and execute select commands in a Linux and/or macOS based environment
Demonstrated ability to execute shell or other scripts
Identifying and leveraging behavioral artifacts for detection signatures, gleaned from independent research, the details of customer requests, and third-party and EY-generated cyber threat intelligence
Developing, testing, and documenting malicious behavior detection signatures for use in a variety of detection applications, such as endpoint detection and response (EDR) applications and network security monitoring (NSM) applications
Developing, testing, and documenting malicious behavior detection signatures for use against macOS and Linux based systems and environments
Identifying and executing pre-designed or vendor-provided behavior emulations, as well as designing and executing custom tests, to measure detection signature efficacy; this work is performed in approved environments and follows EY and SIGDEV specific codes of conduct and rules of engagement
Developing detailed background information and suggested defender actions for detection signature documentation
Collaborating and coordinating, using a variety of communication mediums, on ideas for detection coverage and technical solutions with fellow SIGDEV teammates and others in EY
Constantly enhancing and expanding technical knowledge within areas of expertise
Taking full responsibility for tasks, including consistently reviewing own work to identify and improve the approach used to produce quality work products; completing work in a timely manner and taking responsibility for all work outputs
Providing feedback to the team about new or emerging client needs and demonstrating an understanding of EY's key competitive capabilities and value propositions for relevant clients.
Seeking, developing, and presenting ideas to apply EY's services
Preferred candidates will also have:
Significant prior experience working in a SOC environment
Knowledge of memory and disk-based forensic analysis
Knowledge of static and dynamic malware analysis
One or more relevant industry certifications, such as Security+, Linux+, SANS certifications, etc.
Experience in scripting or programming associated with cyber investigation or system administration
Ability, demonstrated through accurate description or documented experience, to emulate malicious behavior using benign commands, scripts, or vendor-provided capabilities
Strong Unix, Windows, networking, and wireless security skills.
Experience using technology platforms including Security Information and Event Management (SIEM), Network Security Monitoring (NSM), Endpoint Detection and Response (EDR), Endpoint Protection Platforms (EPP), network traffic analysis, and log analysis.
Experience with threat hunting and threat hunting methodologies (e.g., analyst-driven, tactic- or technique-driven, threat intelligence-driven and scenario-based threat hunting)
Experience integrating cyber threat intelligence with incident response investigations and threat hunting
Applied knowledge in at least one scripting or development language (such as Python)
Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts rapidly to the changing threat environment
Strong analytical and problem-solving skills
Ability to work collaboratively in a team environment
Your Key Responsibilities
Opportunities: Support new business opportunities by participating in market-facing activities and developing thought leadership materials. Understand EY and its service lines. Facilitate team members to work together to generate new ideas that connect EY’s capabilities to clients.
Business Development: Support select business development efforts by helping to scope and size SIGDEV contributions for RFP responses and proposals.
Project Management: Use project management methods, effective communication, support resources and technology to enhance the efficiency of services and effectiveness of outputs.
Quality: Deliver high quality work products and customer services. Participate in quality reviews, assessments, and corrective actions. Drive outputs and deliverables within expected timeframes and resource costs. Develop plans, oversee activity, monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes.
Risk: Analyze and apply an understanding of cyber and industry trends to identify engagement and client opportunities and risks as they apply to detection signature development. Use knowledge of cyber threat and security current events to generate areas for threat mitigation.
Improvement: Analyze and apply an understanding of complex enterprise IT and security systems to identify SIGDEV detection strengths and weaknesses. Use knowledge of client’s cyber environments and industry trends to generate areas for improvement. Draft and present improvement reports and presentations to key engagement stakeholders.
Documentation: Collaborate and lead team members through SIGDEV development and innovation projects. Develop project plans, timelines, milestones and supporting documentation.
Reports: When needed, oversee the development of draft and final reports for select analysis and innovation projects.
Leadership: Use effective communication and leadership methods to promote healthy teamwork and responsibility among engagement team members. Foster a high-performance, innovative, and inclusive team-oriented work environment. Lead by example by serving as counselor and mentor to junior professionals within the firm.
Meetings: Participate in internal SIGDEV team and stakeholder meetings. Prepare for and conduct select SIGDEV team and stakeholder meetings pertaining to signature development, innovation, and improvement.
Communication: Use effective and professional communication methods in correspondence in email, discussions in chat, presentations with visual aids and in speaking with team members and key SIGDEV stakeholders. Monitor customer communication for timely response to requests, responses, and notifications.
Relationships: Foster relationships with colleagues and customers both inside and outside EY.
Training: Regularly attend training and thought leadership presentations. Share findings from these sessions with internal team members and present them when appropriate.
Collaboration: Support other teams by collaborating and presenting in formal information sharing meetings as well as participating in chat channels offering insights to teams working with clients.
Skills and Attributes for Success
Stay informed of changes and innovations in the threat detection, threat response, and incident response domains
Follow the latest trends in threats, threat actors, tactics, and techniques
Explore innovation and areas for continuous improvement
Develop solutions both strategically and analytically
Effectively communicate when interacting with clients, senior leaders, technical SMEs, support staff, vendors, and business partners, in both technical and nontechnical terms
Engage with clients by listening and understanding their needs
Escalate risks and issues to appropriate governance channels
Create and deliver internal and client reports and presentations
Develop trends and metrics
Work on multiple, simultaneous initiatives
Promote communication and collaboration while coordinating activities among multiple teams
Adhere to service quality standards and program management requirements
Provide constructive feedback when interacting, mentoring and training team members
Work collaboratively in a cross-functional team environment that is culturally diverse and geographically dispersed.
What we look for
We are most interested in your ability to succeed in a team environment while growing your personal and professional capabilities. A drive to provide exceptional attention to detail and consistently deliver high-quality work is key to success at EY.
What working at EY offers
We offer a competitive compensation package where you will be rewarded based on your performance and recognized for the value you bring to our business. Our comprehensive Total Rewards package includes medical and dental coverage, pension and 401(k) plans, a flexible vacation policy with 19 observed holidays, and a range of programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:
Support and coaching from some of the most engaging colleagues in the industry
Opportunities to develop new skills and progress your career
EY is committed to being an inclusive employer. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
As a global leader in assurance, tax, transaction and consulting services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Make your mark. Apply today.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at email@example.com .