Zions Bancorporation is seeking a Cyber Incident Response Engineer to join our Cybersecurity Operations Center (CSOC) team. You will be a key contributor in defending the enterprise from malicious actors, actively improving cyber incident response capabilities and driving the CSOC's growth and evolution.
What You'll Do
- Respond to cybersecurity incidents.
- Apply knowledge in multiple cybersecurity tools and processes such as SIEM, IDS, EDR, DLP, WAF and similar.
- Develop and implement monitoring use cases, cyber incident response procedures, playbooks and other technical documentation.
- Collaborate with Enterprise Cybersecurity Architecture and technology teams in monitoring and alerting infrastructure, processes, and tools.
- Participate in the on-call rotation to maintain 24/7 coverage in responding to alerts and possible threats.
What We're Looking For
- 4+ years of experience in Security Operations, Incident Response, Security Architecture, or supporting Information Security infrastructure, or a combination of these, or other directly related experience.
- Hands-on technical experience with one or more commercial SIEM products such as Splunk (preferred), IBM QRadar, LogRhythm, ArcSight, NetWitness, etc., including defining and writing alert conditions/use cases.
- Experience producing technical documentation, standard operating procedures, and incident response playbooks.
- Technical knowledge of networking, Windows administration, Linux administration, and common attack techniques and their prevention.
- Working knowledge of common attack vectors, different classes of attacks and general attack stages.
- Knowledge of system administration concepts for UNIX/Linux and Windows operating systems.
- Foundational knowledge of networking such as packet capture analysis and routing and switching.
- Understanding of common social engineering techniques such as phishing and SIM swapping.
Nice to Have
- Working knowledge of common digital forensics techniques such as chain of custody and operating system investigation strongly preferred.
- Development experience with scripting languages such as R, HIVE, Python, JavaScript, etc., is a plus.
- Experience with any Endpoint Detection and Response platform is a plus.
- Relevant technical certifications are a plus (e.g., SANS, ISC2).
- Experience working in a regulated industry (financial services, healthcare, insurance, etc.) is a plus.
Technical Stack
- SIEM, IDS, EDR, DLP, WAF
- Splunk, IBM QRadar, LogRhythm, ArcSight, NetWitness
Team & Environment
You will report to the Cybersecurity Operations Center (CSOC) team, which is part of the Enterprise Information Security department within the Enterprise Technology and Operations division, a group of more than 1,100 technical people. We are committed to technology and innovation, focused on creating business value. You'll join a team where input matters, collaborating with sharp colleagues whose work is truly valued.
Benefits & Compensation
- Medical, Dental and Vision Insurance starting day one.
- Life and Disability Insurance, Paid Parental Leave and Adoption Assistance.
- Health Savings (HSA), Flexible Spending (FSA) and dependent care accounts.
- Paid Training, Paid Time Off (PTO) and 11 Paid Federal Holidays.
- 401(k) plan with company match, Profit Sharing, competitive compensation in line with work experience.
- Mental health benefits including coaching and therapy sessions.
- Tuition Reimbursement for qualifying employees.
- Employee Ambassador preferred banking products.
Work Mode
This is a hybrid role based in Midvale, Utah, United States.
All candidates, including those with criminal histories, will be considered for employment. However, a background check adjudicated consistently with the FDIC Section 19 regulation will be completed on any candidate who accepts a conditional job offer from the Company.