AIG is seeking a highly skilled cyber-defense expert to join AIG’s Global Cyber-risk Defense Center (gCDC). The Cyber Risk Defense Analyst will execute a range of threat discovery and incident response duties within the gCDC. The successful candidate will work as part of a team that conducts investigations into potential and actual cyber-attacks affecting AIG’s global business units, lines of business, or information technology infrastructure. The gCDC encompasses a number of teams across disciplines including alert validation and tuning, incident response, and cyber threat intelligence. The teams follow a kill chain-aligned operational model, giving the candidate exposure to all elements of an attack lifecycle. This position will report to a gCDC Cyber Risk Defense Team Lead and will provide guidance/direction to other Cyber Analysts.
• Investigate potential cyber-attacks and intrusion attempts, and lead containment, eradication, recovery, and lessons learned analysis of actual incidents.
• Gather forensic evidence for analysis, investigation, disciplinary action or criminal investigation.
• Leverage aggregated cyber threat intelligence, log, network flow, and anomaly data for analysis, research and the identification of potential compromise within AIG’s infrastructure or applications.
• Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce AIG’s exposure to cyber-risks.
• Prioritize incoming requests to minimize risk exposure and ensure the timely completion of critical tasks and the escalation of time-sensitive issues.
• Investigate escalations from the Alert Validation team. Accept or refute escalations, performing incident response to accepted events, or providing constructive feedback for refuted events.
• Provide ongoing mentorship to other Cyber Analysts and liaise with members of other gCDC functions to assess and mitigate the risks posed to AIG by identified threats.
• Provide expert input on Incident Response process definition and support the development and maintenance of documented play-book procedures, knowledge articles, and training material.
• Create detailed incident and analysis reports, and provide concise summaries for management.
• Communicate effectively with other stakeholders of our incident response efforts, including representatives of the business units, technology specialists, vendors, and others.
• Contribute to our efforts to drive continuous improvement by recommending and collecting various key metrics for reporting to senior management on Incident Response.
• Participate with other experts throughout the company to plan, test, and improve incident response capabilities.
Minimum Requirements (Knowledge, Skills, and Abilities):
• A deep understanding of cyber security operations processes, procedures, guidelines and solutions, including practical experience of cyber kill chain principles
• In-depth understanding of Windows, UNIX, and Linux operating systems, networking, malware defenses, and perimeter controls.
• Knowledge of TCP/IP networking and core Internet protocols such as UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.
• Proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches.
• Development in at least two of the following languages: C, C++, Java, Perl, and Python.
• Ability to contribute to the development of custom IDS signatures or SIEM use cases.
• Knowledge of adversary tactics, techniques, and procedures, along with analysis of advanced intrusions across a complex global network; and basic cyber-security forensics procedures.
• Strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups.
• Understanding of how to read and interpret malware analysis reports.
• Self-starter with a sense of urgency who takes ownership and responsibility for service delivery
• Works independently with minimal guidance to drive projects to completion, while also working collaboratively with the team to achieve strategic goals
• Professional, clear, and concise communication to both technical and non-technical audiences
• Strong deductive reasoning, critical thinking, problem solving, prioritization, and consultative skills
• Proven organizational skills (time management and prioritization), and also employ a rigorous process for all follow-up / coordination activities
• Position requires access to highly sensitive confidential material. Integrity and discretion are mandatory.
• Comfortable working in a dynamic environment, balancing multiple incidents, special projects, and other activities.
• Ability to deal diplomatically and effectively at all levels of the business including both technical and non-technical staff, management and senior leadership.
• Willingness to support and develop team members while also delivering on candidate’s own responsibilities.
Experience: Minimum of three-five (3-5) years of experience in Information Security, and at least three (3) years practical experience in a Security Operations Center (SOC) environment and/or experience with security monitoring, event and anomaly analysis, intrusion detection/prevention, incident response or SIEM use case development.
Formal Education & Certification
• Bachelor of Science in Computer Science, Information Systems, or Software Engineering preferred, or relevant military or law enforcement experience.
• Active or previously held Security Clearance preferred
• Preferred Certifications:
o ISC2 SSCP (Systems Security Certified Practitioner)
o ISC2 CCFP (Certified Cyber Forensics Professional)
o GIAC Certified Intrusion Analyst (GCIA)
o GIAC Certified Incident Handler (GCIH)
o EC-Council Computer Hacking Forensic Investigator (CHFI)
o EC-Council Certified Incident Handler (CIH)
** NOTE: An equivalent combination of experience, education and/or training may be substituted for the listed minimum requirements.
WORKING CONDITIONS The analyst will perform shift-based work as part of a 24×7 global team, occasionally requiring weekend and off-hours work.
Occasional travel may be required, but less than 10% of the time.
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States.
AIG Property Casualty is a global market leader, one of the few truly global property casualty franchises.
AIG Life and Retirement is one of the largest life insurance organizations in the U.S., and provides protection, investment and income solutions needed for financial and retirement security.
United Guaranty Corporation is the marketplace leader in mortgage insurance in the U.S.