Security Operations Analyst- Digital Forensics Service Owner

The Security Operations Analystisalsoresponsible forperforming Security Incident Responseactionsincludingexecuting the daily operational procedures for monitoring the Security Incident and Event Management (SIEM) triage channels and taking the appropriate action to ensure that all Information Security Incidents (ISIs) are handled accordingly. This role will also be responsible for the measurement and continual improvements of all Information Security Response (ISIR) program operational procedures. Thesuccessful completion of allexecutedproceduresand collation of informationis also expected.

Digital Forensics Service Owner

• Maintain the Lilly onsite forensic lab equipment and tool validation

• Serve as the primary point of contact forservice providers supporting Digital Forensics services

• Provide on-call availability forescalationsraisedby service providersoutside of normal business working hours

• Participate in regular service reviews with suppliers

• Track supplier performance, verify/audit supplier metrics, and ensure viability of service levels

• Support alignment of Digital Forensics serviceswith the current and future needs of the business

• Define improvements in the quality ofDigital Forensicsservices delivered

• Interface with External Supplier Management team to analyze supplier performance

• Coordinate services and plans to ensure priorities are addressed appropriately

• Act as primary communication liaison on a day-to-day basis regarding service delivery changes, problems,and recovery efforts 

• Take accountability for incident escalation and ensure there is a defined approach for incident management and resolution

• Provide early warning to management regarding degraded or missed service levels

• Review service offerings/changes to determine the impact on the Digital Forensics service, including any modifications to business planning for the service.

• In conjunction with Corporate Auditing Service and Quality, audit the services to ensure adherence to processes and procedures

• Explain highly complex and technical details to a variety of audiences including executives, legal advisors, peers, partners, and other analysts.

Incident Response

• Monitor incoming detected events via the SIEM triage channel and other intake channels for prospective ISIs per operational procedures and guidelines

• Execute the Information Fusion Procedure as necessary

• Adhere to all defined Incident Response Service Level Agreements.

• Monitor Team email mailbox for activities related to Team ISI engagements

• Monitor SOC ticket (and email) queue for prospective event reporting from outside entities and individual users

• Rapidly identify, categorize,and prioritize detected events as the initial information security event detection group for the enterprise using all available Cyber Fusion detect sources

• Ensure detected event(s) are addressed in a rapid manner using available reporting and metrics

• Perform analysis and triage of prospective ISIs, and advance or close detected events as applicable

• Use available tools to analyze detected events

• Document analysis results, ensuring relevant details are Included

• Reference and update Team Knowledge Base as necessary for changes to processes and procedures, and awareness of daily intelligence reports and previous shift logs

• Perform additional auxiliary responsibilities as outlined in the Console Monitoring Procedure

• Interact with other Information Security and IT Infrastructure groups as necessary

• Serve as a backup analyst for any coverage gaps to ensure business continuity

• Bachelor’s Degree in Computer Science/Information Technology or related field with3+years experience with digital forensics technologies and standard processes (Information Security, Network Operations, System Administration, Incident Response or similar information technology related experience) OR

• High School Degree/GED with 5 years experience with digital forensic technology and standard processes.