Kyndryl is looking for a Cyber Defense Analyst to join our cybersecurity defense efforts. In this role, you'll be responsible for hunting cyber adversaries, protecting infrastructure, and analyzing sophisticated threats through hands-on incident response, security operations, and proactive threat intelligence.
What You'll Do
- Analyze network and host activity associated with both successful and unsuccessful intrusions by advanced attackers.
- Contribute to enterprise incident response efforts and provide on-call support outside of core hours as needed.
- Leverage understanding of tactics, techniques, and procedures to create and add custom signatures that mitigate highly dynamic threats.
- Employ advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
- Proactively research emerging cyber threats and apply analytical understanding of attacker methodologies.
- Contribute to threat intelligence reports and briefings that provide situational awareness of cyber threats.
- Participate in threat hunt operations using known adversary tactics, techniques, and procedures.
- Collaborate using information and knowledge sharing networks and professional relationships.
What We're Looking For
- 4+ years of experience in a Cybersecurity field, or 2+ years with a bachelor’s degree in a related field.
- Expertise in network or host-based intrusion analysis, digital forensics, or malware analysis.
- Familiarity in utilizing EDR tools for detection and response (CrowdStrike, Defender, XDR, etc.).
- Experience in creating custom behavior or network-based detections to detect malicious activity.
- Experience performing 'deep dive' analysis and correlation of log data from multiple sources (PCAP, forensic artifacts, etc.).
- Ability to leverage actionable threat intelligence to increase security posture within enterprise environments.
- Proficient with contributing to and/or leading incident response activities.
- Understanding of Operating Systems and Network Protocols.
- Familiarity with Microsoft Windows administrative tools, and the Unix/Linux command line.
- Familiarity with Security Operations Center experience including experience with security automation platforms (XSOAR, Tines, etc.).
- Proficiency with XSIAM, Splunk, or other SIEM-type platforms.
- Understanding of behavioral-based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
- Excellent technical writing and presentation skills.
Nice to Have
- Valid and current certification or equivalent experience in one of the following: CISSP / CompTIA Security+ / Certified Cloud Security Professional / GIAC Security Essentials.
- An understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
- Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics-driven reports.
- Familiarity with scripting (e.g., Python, PowerShell) and Jupyter Notebooks for basic automation of security analysis tasks.
- Experience as a Threat Researcher and/or Intelligence Analyst.
Technical Stack
- EDR tools: CrowdStrike, Defender, XDR
- Security automation platforms: XSOAR, Tines
- SIEM platforms: XSIAM, Splunk
- Forensic tools
- Microsoft Windows administrative tools
- Unix/Linux command line
- Scripting: Python, PowerShell
- Jupyter Notebooks
Team & Environment
This role is part of the Kyndryl CSIRT (Cybersecurity Incident Response Team).
Benefits & Compensation
- Access to skilling and certification programs through industry alliances and vendors.
- Support for personal growth and career path development.
- Employee learning programs with access to industry-leading certifications (Microsoft, Google, Amazon, Skillsoft, etc.).
- Enterprise-wide volunteering and giving platform.
- Support for employee well-being and family.
Kyndryl is committed to creating a more equitable and inclusive world, values diversity of thought and identity, and fosters an inclusive workplace through networks and support. We are invested in employee success and collective achievement.
