Cox Communications is searching for a Threat Detection & Response (TDR) Analyst that will join the Security Operations Center (SOC) and respond to cyber threats facing Cox networks, systems, and information assets. The TDR Analyst is engaged throughout the incident lifecycle from escalation to resolution and acts by collecting and analyzing threat intelligence, performing security monitoring activities, taking appropriate action based on exposure, and reporting recommendations to leadership. This position reports to the Director of Threat Detection and Response.
Successful candidates will demonstrate a strong business acumen and possess a blend of general business, technology, and security competencies. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure.
- Detect and respond to incidents related to users, workstations, servers and the network using SIEM, behavioral analytics, and network analysis to promptly detect and mitigate the impact of cyber incidents.
- Track, respond to, and document cybersecurity incidents in a consistent and well-organized manner from detection through resolution.
- Perform analysis of log files from a variety of sources (e.g., Windows, Linux, network traffic, firewalls, intrusion detection system [IDS] logs, or application logs) to identify potential threats to the environment.
- Perform incident triage, including scope, urgency, and potential impact, and make recommendations that enable expeditious remediation.
- Review and respond to questions and escalated security events from junior analysts.
- Stay current with the latest trends in threat intelligence, security monitoring and incident response.
- Collect and review intelligence data from relevant sources including subscription and open-source feeds.
- Create and monitor reference sets across different applications to support threat hunting and monitoring.
- Develop ad-hoc scripts to extend capabilities and complete tasks-at-hand.
- Requires a Bachelor of Science in Computer Science or a related discipline and a minimum of 4 years of technical experience in the Information Security field, OR a Master of Science in a related discipline + 2 years of experience, OR a PhD + 1 year of relevant experience.
- Experience with Log Management/SIEM tools (e.g., ArcSight, IBM QRadar, Splunk, McAfee/Nitro, ELK, LogRhythm, etc.).
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Strong experience triaging security events using a variety of tools including SIEM / SOAR / XDR in a security operations environment.
- Experience with network traffic, firewalls, IDS, proxies, antivirus, mail, and spyware solutions.
- Cloud experience with AWS and/or Azure environments.
- Experience in programming / scripting languages, such as PowerShell, Python, or Bash.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles.
- Experience with host forensics, timelines, memory and disk analysis.
- Strong understanding of malware analysis concepts and methodologies.
- Proficiency with common cybersecurity frameworks and regulatory requirements like MITRE ATT&CK, Kill Chain, OWASP.
- Strong process execution, time management and organizational skills.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- BS in Computer Science, Information Systems, or Engineering.
- Experience with endpoint security agents like Microsoft Defender, Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump) and analysis techniques.
- Experience with host-based detection and prevention suites like Microsoft SCEP or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques, including Elasticsearch, Logstash, Kibana (ELK), syslog-ng, and Windows Event Forwarding (WEF).
- Certifications like OSCP, GCIH, GCFE, GCFA.
About Cox Communications
Cox Communications is the largest private telecom company in America, serving six million homes and businesses. That’s a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you’re interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses – which includes Cox Automotive and Cox Communications – is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.