Lead Cybersecurity Incident Response Analyst

  • Company: Discover
  • Location: Riverwoods, Illinois
  • Posted: December 14, 2017
  • Reference ID: P108056_S2
Discover. A more rewarding way to work.

At Discover Financial Services, you'll find yourself in the company of some of the industry's smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.

Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:

Lead Cybersecurity Incident Response Analyst

Job Description

The Discover Security Intelligence and Incident Response Team (SIIRT) provides world-class digital incident response services. As a member of the SIIRT Digital Forensics and Incident Response team (DFIR), the role will be responsible for performing CSIRT activities including: responding to computer security incidents, gathering forensic evidence, analyzing events based on digital artifacts, determining mitigation/remediation/security improvement opportunities, and working with stakeholders to communicate findings. The DFIR team works closely with other members of SIIRT including the Security Operations Center (SOC), Threat Intelligence, and other Cybersecurity and enterprise teams to maintain a secure operating environment for Discover.

  • Execute timely, thorough, and effective incident handling through collaboration and innovation
  • Utilize security monitoring technologies to analyze security events
  • Provide mitigation services for identified threats and security incidents
  • Maintain evidence integrity during digital forensic acquisitions and analysis
  • Complete thorough documentation for incident investigations including root cause analysis, relevant forensic artifacts, and technical and procedural lessons learned
  • Identify innovative opportunities for DFIR tools and processes which enable rapid analysis and response to security incidents at enterprise scale
  • Deliver presentations and executive briefings regarding relevant security incidents and findings to senior management
  • Create and maintain documentation for DFIR including technical procedures, detailed diagrams, pertinent metrics, and report templates
  • Promote a risk-aware culture, and ensure efficient and effective risk and compliance management practices by adhering to required industry standards and processes
  • Collaborate with and provide guidance to DFIR teammates, members of SIIRT, and other internal security teams
  • Contribute thought leadership and technical solutions back into the investigative and DFIR community at a local and global level


SIIRT DFIR is dedicated, driven, and passionate about securing our organization through data-centric creativity. The ideal candidate is an Incident Response expert possessing 8+ years of technical experience, with the following qualifications:
  • A deep understanding and experience in Digital Forensics and Incident Response
  • Expert-level proficiency with major DFIR tools and techniques, including disk, memory, network forensics, and malware reverse engineering
  • Strong multi-disciplinary background in information technologies such as: enterprise web applications, operating systems, computer programming, networking, and system administration
  • Bachelor's degree or equivalent work experience

Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.


We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
