Cybersecurity Analyst I (CYSECAI)

The SouthState story is one of steady growth, deep community roots, and an unwavering commitment to helping our customers move forward. Since our beginnings in the 1930s to becoming a trusted financial partner across the South and beyond - we are known for combining personal relationships with forward-thinking solutions. We are committed to helping our team members find their success while maintaining the integrity of our values: building trust, fostering lasting relationships and pursuing excellence. At SouthState, individual contributions are recognized, potential is cultivated and team members are inspired to achieve their greater purpose. Your future begins here! SUMMARY/OBJECTIVES It is the responsibility of the Cybersecurity Analyst to take ownership of all tasks and challenges that they encounter in the operation of their assigned position. Cybersecurity Analysts (CSA) are utilized across multiple teams within Cybersecurity Operations and thereby have distinct roles within their team. In general, a Cybersecurity Analyst is responsible for the collection, analysis, validation, monitoring, and response to cybersecurity intelligence and events. The CSA I performs day-to-day operational tasks by analyzing and responding to security events that have been logged and correlated by the SIEM or other security platform. A successful CSA I will have a strong understanding of the attack vectors present in the environment, the cyber kill chain, and how a threat actor would leverage those factors to perform a successful attack. The CSA I position requires initiative, accountability and ownership of tasks presented, leveraging knowledge and utilizing technical resources and other team members to drive success. ## Essential Functions - Ensures compliance with all bank policies and procedures as well as state, federal, and regulatory requirements. - Be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and actively work towards upholding those goals. Monitoring & Threat Management - Monitor all in-place security solutions for efficient and appropriate operations. - Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e. workstations, servers, network devices, etc.). and interpret the implications of that activity to devise plans for appropriate resolution. - Participate in investigation and resolution of anomalous activity. - Serve as a first responder and assist with initial investigations for potential security events. - Serve as the operational focal point for third-party security vendors regarding analyzing security logs. - Collect, analyze, and disseminate cybersecurity threat intelligence. - Analyze configuration and vulnerability information to determine risk to the Bank’s data security. - Escalate adverse activity to the Incident Response Team. - Participate in the cybersecurity on-call rotation. Operational Management - Provide feedback on tuning of rules and alerts. - Provide feedback on operational tasks to assist with increasing the efficacy of the cybersecurity program. - Recommend tuning of rules that generate alerts to ensure low false positive rates. - Validate log sources and logged event types to ensure expected level of logging from systems. - Ability to analyze system configurations and technical specifications against security control standards and identify deficiencies. Threat Intelligence - Collect and analyze threat intelligence. - Assess the fidelity of received threat intelligence and implement enhancements. - Tune current threat intelligence sources and implement new sources of threat intelligence. - Provide threat intelligence to Cyber Threat Intelligence for sharing with FS-ISAC and other threat intelligence sharing communities. - Assess and make enhancements to platforms that collect and analyze threat intelligence in collaboration with Cyber Threat Intelligence. Incident Response - Serve as a member of the incident response team as needed for response to cybersecurity incidents. - Participate in incident response planning and testing exercises. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. ## Competencies - Excellent interpersonal skills, excellent computer skills, ability to read, write, speak, and understand English - Proven analytical and problem-solving abilities. - Ability to effectively prioritize and execute tasks in a high-pressure environment. - Ability to conduct research into cybersecurity issues and products as required. - Ability to present ideas in business-friendly and user-friendly language. - Highly self-motivated and directed. - Keen attention to detail. - Team-oriented and skilled in working within a collaborative environment. - Ability to learn and process new information and apply what was learned to the job. QUALIFICATIONS, EDUCATION, AND CERTIFICATION REQUIREMENTS - Education: Associate Degree (or equivalent work experience) from a regionally accredited institution in Information Security, computer science, mathematics, engineering, or a closely related field. - Experience: Two (2) or more years of direct Cybersecurity experience preferably as a cybersecurity analyst or similar role performing analysis and response to cybersecurity events at a financial institution. - Certifications/Specific Knowledge: - One or more of the following (or similar) certifications preferred: - Global Information Assurance Certification (GIAC) Certifications (e.g., GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring Certification (GMON), GIAC Certified Intrusion Analyst (GCIA), GIAC Security Operations Certified (GSOC), GIAC Certified Enterprise Defender (GCED), GIAC Certified Detection Analyst (GCDA)) - CompTIA Certifications (e.g., Security+, CySA+) - A strong security mindset, understanding of financial sector regulatory requirements and security best practice. - Other certificates and professional credentials with cybersecurity relevance will be considered. TRAINING REQUIREMENTS/CLASSES - Annual Compliance Training - New Employee Orientation ## Physical Demands Must be able to effectively access and interpret information on computer screens, documents, reports, and cash denominations, and identify customers. This position requires a large amount of time in front of a computer. This can be done sitting or standing with use of the right desk. ## Work Environment Telecommuting roles, no matter if hybrid or 100% full time telecommuting, must have a secure home office environment that is free from background noise and distractions. They must also have a reliable private internet connection that is not supplied by use of cellular data (hot spot). Cable or fiber connections are preferred. Requirements are subject to change, as new systems and technology is delivered. Travel may be required to come to meetings as needed. ## Travel Travel may be required to come to meetings as needed. Equal Opportunity Employer, including disabled/veterans.