EY Security Analyst II in Alpharetta, Georgia

Security Analyst II

Core Business Services

Requisition # ALP001MJ

Post Date Mar 09, 2018

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.

With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job summary:

Under limited supervision the CDRC (Cyber Defense Response Center) Analyst II will report to the US CDRC Manager. He/she will work collaboratively to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations. The CDRC Analyst II will perform tasks including monitoring, research, classification and analysis of security events that occur on the network or endpoint. The CDRC Analyst II should have familiarity with the principles of network and endpoint security, current threat and attack trends, a basic understanding of the OSI model, and have a working knowledge of defense in depth strategies.

The CDRC Analyst II must be competent to work at a technical level, be capable of identifying threats and vectors that cause security events, and be able to follow defined procedures for mitigating said threats.

The US CDRC team provides coverage seven days a week between 7:00 AM and Midnight EST. After an initial two-week on-boarding period (Monday – Friday, 07:00 – 16:00), and depending on need, the CDRC Analyst will work either Sunday – Wednesday (07:00 – 18:00) or Wednesday – Saturday (07:00 – 18:00), with the potential to change to other shifts as they become available.

Key responsibilities:

  • Respond to network and host based security events

  • Participate in detecting, investigating, and resolving security events

  • Capable of working independently while supporting CDRC Analyst I as necessary

  • Identify and propose areas for improvement within the Cyber Defense Response Center

  • Provide documentation and project support

  • Act as second and/or third-tier support for the CDRC Analyst I

  • Act as a peer group leader to help train support staff

  • Serve as an escalation point for difficult problems and complex inquiries

  • Serve as shift lead when necessary

  • Serve as a back-up to the CDRC Manager

Knowledge, skills and experience requirements:

  • Information Security Principles, Technologies, and Practices

  • Proven experience with multiple security event detection platforms

  • Thorough understanding of TCP/IP

  • Demonstrated integrity in a professional environment

  • Good social, communication and technical writing skills

  • Comfortable navigating and troubleshooting Linux and Windows system issues

Qualifications, certifications and education requirements:

  • Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or relevant work experience.

  • Minimum of 2-3 years of experience in one or more of the following:

    • Working in a Security Monitoring/Security Operations Center (SOC) environment

    • Investigating security events, threats and/or vulnerabilities

    • Understanding of electronic investigation and log correlation

    • Proficiency with the latest intrusion detection platforms; working knowledge of Linux and/or Windows systems administration (including AD)

    • Scripting or programming (shell scripting, PowerShell, C, C#, Java, etc.)

Desired: Previous leadership experience as a team lead or supervisor.

Desired Certifications: GCIH, CISM, CEH, GCFA, GCIA, GSEC, GIAC, CISSP, Security