<p>Description</p> <p>We are seeking a skilled and proactive Level 2 Cybersecurity Analyst to join our Cyber Defense Operations team. This role is responsible for investigating and responding to security incidents, performing advanced threat analysis, and supporting the continuous improvement of detection and response capabilities. You'll work closely with junior analysts, threat intelligence, and incident response teams to ensure timely detection and mitigation of security threats across Citizens Bank's enterprise environment.</p> <p>Key Responsibilities</p> <ul> <li>Investigate escalated security alerts and incidents from Level 1 analysts. </li><li>Perform root cause analysis and impact assessments of security events. </li><li>Conduct threat hunting and anomaly detection across enterprise systems. </li><li>Collaborate with incident response teams to contain and remediate threats. </li><li>Correlate threat intelligence with internal telemetry to identify emerging threats and attack patterns. </li><li>Assist in the creation of use cases and offer recommendations for tuning detection rules in SIEM and other monitoring tools. </li><li>Recommend improvements to incident response playbooks and runbooks. </li><li>Provide mentorship and guidance to Level 1 analysts. </li><li>Participate in post-incident reviews and contribute to lessons learned. </li><li>Represent Cyber Defense in cross-functional security and risk initiatives. </li></ul> <p>Required Knowledge Areas</p> <ul> <li>Deep understanding of network and endpoint security concepts. </li><li>Knowledge of threat actor tactics, techniques, and procedures (TTPs). </li><li>Familiarity with the MITRE ATT&CK framework and threat intelligence platforms. </li><li>Knowledge of regulatory and compliance frameworks (e.g., NIST, ISO, PCI-DSS). </li></ul> <p>Required Skills</p> <ul> <li>Proficient in log analysis, packet capture review, and malware analysis. </li><li>Strong analytical and problem-solving skills. </li><li>Experience with scripting or automation (Python, PowerShell, Bash). </li><li>Effective oral and written communication skills for both technical and non-technical audiences. </li><li>Ability to work independently and collaboratively in a high-pressure environment. </li></ul> <p>Qualifications</p> <ul> <li>Bachelor's degree in Cybersecurity, Computer Science, or a related field, or equivalent experience. </li><li>2-5 years of experience in cybersecurity operations or incident response. </li><li>Security certifications such as CySA+, GCIH, GCIA, CEH, or equivalent preferred. </li><li>Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR tools (e.g., CrowdStrike, Microsoft Defender). </li><li>Willingness to participate in a rotating on-call schedule or extended hours during critical incidents. </li></ul> <p>Preferred Experience</p> <ul> <li>Hands-on experience with: </li><li>SIEM Tools: Splunk, ArcSight, Sentinel, QRadar </li><li>EDR/XDR: CrowdStrike, Microsoft Defender, SentinelOne </li><li>Network Security: Palo Alto, Cisco, Check Point, FirePower </li><li>Data Protection: Symantec DLP, Triton, Guardium </li><li>Threat Intelligence & SOAR Platforms </li><li>Cloud Security Monitoring: AWS, Azure, or GCP environments </li></ul> <p>Hours Work and Schedule</p> <ul> <li>Hours per Week: 7am - 5pm </li><li>Work Schedule: Monday - Thursday </li></ul> <p>Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.</p> <p>Equal Employment Opportunity</p> <p>Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.</p> <p>Background Check</p> <p>Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.</p> <p>Benefits</p> <p>We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more.</p> <p>View Benefits</p> <p>Awards We've Received</p> <p>Glassdoor Best Place to Work in Consulting, Finance & Insurance</p> <p>The Banker's</p> <p>US Bank of the Year</p> <p>Dave Thomas Foundation's Best Adoption-Friendly Workplace</p> <p>Disability:IN Best Places to Work for Disability Inclusion</p> <p>Human Rights Campaign Corporate Equality Index 100 Award</p>