Job Description
Are you passionate about leading global cybersecurity innovation and change? Do you thrive in environments that encourage critical thinking, creativity, and challenging the status quo?
Honeywell Aerospace is looking for a cybersecurity analyst (L2) to support security monitoring and incident response. The role involves analysing security incidents, responding to emerging threats and safeguarding the organization against cyberattacks.
This position allows deep insight into various aspects of cyber security and will require attention to detail, a sense of urgency, and strong communication skills.
Responsibilities
- Participate on a team of highly skilled cybersecurity incident responders.
- Build and maintain processes and procedures.
- Assist with driving complex cybersecurity incidents to a successful conclusion.
- Understand the root causes of cybersecurity incidents.
- Perform initial analysis, identification, and remediation of network intrusions, application attacks, and computer system compromises.
- Help mentor junior analysts in our L1 team to build a pipeline of talent that flows into L2.
- Constantly optimize work procedures and automate recurring tasks. Develop and update technical documentation and formulate work instructions to address repeating issues.
- Collaborate with global team members based in the US, India and Europe.
- Participate in global on-call rotation.
- Serve as part of a 24/7 shift support (no night shifts).
Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or equivalent experience.
- 3+ years of experience in Security operations, Information security or Incident response.
- Expertise in Splunk or other SIEM tools.
- Expertise in Microsoft Defender for Endpoint (MDE) or other Endpoint Detection & Response (EDR) solutions.
- Excellent written and verbal communication skills, with ability to explain technical analysis to stakeholders.
- Good technical knowledge of Windows/Linux operating systems, various types of applications, and networking technologies.
- Analytical skills in threat, vulnerability, and intrusion detection analysis.
- Keen understanding of threat vectors as well as exfiltration techniques.
- Technical ability to analyse network traffic, endpoint logs, identity and other security data to identify signs of compromise.
- Good understanding of common cyber threats, attack stages (reconnaissance, exploitation, lateral movement), and cybersecurity frameworks such as the Cyber Kill Chain and MITRE ATT&CK.
- Ability to develop and follow complex work instructions and document incident reports for tracking and analysis.
- Willingness to learn and adapt to new technologies in the cybersecurity domain.
We value
- Experience with SIEM tools such as Splunk or similar technologies for monitoring and response.
- Experience with SOAR Solutions like XSOAR/Demisto.
- Knowledge in cloud security (Azure, AWS, MS Office 365).
- Knowledge of Linux and Windows operating systems.
- Experience in malware analysis, threat intelligence and memory forensics.
- Detailed knowledge of Endpoint Detection and Response tools.
- One or more widely recognized certifications from renowned institutions such as GIAC/SANS, ISC/CISSP or Microsoft.
- Knowledge of a scripting language (e.g. Python or PowerShell) for analysis and automation.
- Experience working within a global, process-driven organization.