Key skills
CloudFirewallsLinuxPythonSplunkPowerShellNetwork Security
About this role
Role Overview
- Lead triage and investigation of security alerts, escalating and coordinating incident response as needed.
- Perform root cause analysis, scope affected assets, and drive containment, eradication, and recovery.
- Correlate events across SIEM, EDR, IDS/IPS, firewalls, cloud logs, and identity platforms to identify true positives and reduce false positives.
- Develop, refine, and maintain SOC playbooks, runbooks, and detection logic aligned to the MITRE ATT&CK framework.
- Mentor junior analysts and provide guidance on investigation techniques, documentation standards, and operational best practices.
- Coordinate with Threat Intelligence to enrich investigations, track adversary TTPs, and proactively hunt for indicators of compromise.
- Partner with Engineering teams to tune detections, improve log fidelity, and strengthen preventive controls.
- Create clear, actionable incident reports and executive summaries; contribute to metrics and trend analysis.
- Support purple team exercises and post-incident reviews to capture lessons learned and drive continuous improvement.
- Ensure adherence to regulatory and security policies; maintain audit-ready documentation for investigations and incidents.
Requirements
- 8+ years of experience in a SOC, incident response, or threat detection role, including Tier 2/3 investigations.
- Advanced proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms.
- Strong knowledge of network security, Windows/Linux, identity systems, and common cloud logging sources.
- Hands-on experience with the MITRE ATT&CK framework, threat hunting, IOC/IOA development, and detection tuning.
- Demonstrated ability to lead complex incidents, coordinate stakeholders, and communicate clearly under time pressure.
- Scripting or automation experience (e.g., Python, PowerShell) for investigation enrichment and workflow improvements.
- Familiarity with NIST CSF/800-61, CIS Controls, and common regulatory requirements impacting incident response.
- Excellent documentation skills and an evidence-driven approach to investigations.
Tech Stack
- Cloud
- Firewalls
- Linux
- Python
- Splunk
Benefits
- BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life’s journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.