Company URL: https://www.berkleytechnologyservices.com/                                        

W.R. Berkley Corporation is comprised of 60+ businesses alongside Berkley Technology Services (BTS) and other shared services groups.

Here at Berkley Technology Services, the core of our success is our people. Our teams bring their own unique perspective and experiences which enables us to translate the needs of our business to deliver adaptable, secure solutions while providing an unmatched user-focused experience.

Our tagline “Thoughtful Minds | Empowering Possibilities” was crafted with our own teams in mind. At BTS, our teams thrive in Berkley’s decentralized model - leveraging the power of being part of a long standing, heritage brand with extensive expertise while innovation and being entrepreneurial is encouraged.

Internally, we operate as a relatively flat organization valuing communication and feedback. We pride ourselves in an open-door policy where no one is treated differently based on title, fostering a culture of trust, transparency, and engagement.

Mission (what we stand for):  We Believe in the value of every voice, Translate needs into capabilities, & Secure the future of Berkley. 

Vision (where we’re going): Be the foundation of Berkley through adaptable solutions, resilient environments, and an unmatched experience.

Come join us as we push forward into the future of industry leading technological solutions.

The Tier III Security Analyst - SME position is assigned to the Security Operations Team. The primary purpose of this position is to be force multiplier to proactively identify, investigate, respond, contain, and report on cyber incidents by using pattern recognition, data sets, communication, forensics, and analytics.  This position involves leadership duties and responsibilities that must continue to be performed during crisis situations and contingency operations, which may necessitate extended hours of work.

• Demonstrated leadership in directing and conducting research efforts, including prior experience as lead Investigator.
• Strong background in computer/network security concepts and technologies, including extensive knowledge of enterprise security operations and computer network vulnerabilities and exploits.
• Experience writing technical reports and presenting results to leadership.
• Identify deficiencies in security posture and develop, administer, and participate in action plans to address these gaps.
• Experience in managing large-sized projects/programs across multiple disciplines and/or teams.
• Advanced-level understanding of business risk and how to properly advise a customer through critical situations
• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms Perform general SIEM monitoring, analysis, content development, and maintenance
• Conduct and drive incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to leadership
• Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors
• Analyze malicious campaigns and evaluate the effectiveness of security technologies
• Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
• Conduct and provide computer forensic analysis of system memory and disk images
• Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
• Hunt for and identify threat actor groups and their techniques, tools, and processes
• Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
• Provide analytic investigative support of large scale and complex security incidents
• In depth understanding of cloud service providers (CSP) security offerings
• Understanding of and ability to perform malware reverse engineering
• Effective at utilizing sandbox technologies to detonate malware samples
• Provide “Person in Charge” (PIC) coverage when on rotation.

• Strong understanding of Lockheed Martin’s Kill Chain (preferred)
• In depth knowledge of MITRE ATT&K matrix (preferred)
• Advanced understanding of networking concepts and ability to analyze network artifacts
• Effective communication across technical silos
• 6-10+ years of actual work-related experience in the field of Information Security
• Experience with SIEM solutions (preferably Splunk or similar tool) search language, techniques, alerts, dashboards, report building, and creation of automated log correlations.
• 6-10+ years of relevant cybersecurity experience in IT Security, Incident Response, or network security with a strong knowledge working in a SOC
• The ability to write well and convey information to the intended audience in an easily understood manner
• Bachelors Degree in Computer Science, Information Technology, Information Systems, or a related discipline. Equivalent experience and/or alternative qualifications will be considered.
• One or more relevant industry cybersecurity certifications preferred (GCIA, GCIH, GREM, CEH, etc.)

The Company is an equal employment opportunity employer.