Lead Security Analyst

**Overview** The Information Security Office’s (ISO) vision is to realize a culture of security that manages risks, defends against threats, and integrates information security into business and technology. The Global Cyber Security (GCS) Team supports this vision thoughthe detection, analysis, and mitigation of cyber security threats facing Enterprise rent a car. The Digital Forensics and Incident Response (DFIR) Team under GCS is responsible for the coordination and investigation of cyber security incidents, forensic analysis,and forensic data collection in support of Enterprise’s business functions.

**Responsibilities** As a Lead Security Analyst on the DFIR Team, you will:

- Coordinate resources during a cyber-security event, driving issues to a timely and complete resolution.
- Conduct analysis, response, triage, recovery, and improvements for security events affecting Enterprise Holdings.
- Perform work in a fast-paced environment utilizing a set of security related tools (e.g. WAF, SOAR, SIEM, UBA, IDS/IPS, anti-virus, firewalls, etc.), developing new team processes, verifying/testing new monitoring tools, and working with internal/externalteams on security issues. ?
- Conduct investigations into moderate to complex cyber security incidents using fundamental incident response processes and approach
- Present complex technical incident details to legal, privacy, and senior EHI leadership for evaluation
- Use lessons learned to improve EHI’s security posture in conjunction with the GCS leadership team
- Ensure constant state of incident readiness that adapts to the changing threat landscape by maintaining playbooks and processes used by the team
- Ensure forensic practices are followed in the collection and preservation of data related to security incidents, legal holds, and other investigations
- Establish, foster and maintain relationships withinthe Global Cyber Security team, as well as with other IT teams, business teams, and vendors
- Contribute to, and lead, meetings within and outside of department

**Qualifications** **Required**:

- Must have professional related experience
- Subject matter expert in multiple areas of responsibility such as: alert monitoring, incident response, cloud security, forensic investigations, security awareness, etc.
- Excellent documentation, analytical and reporting skills - ability to present to all levels of staff and leadership
- Experience responding to security incident types, such as DDoS attacks, anomalous activity, malware infections, APT activity, unauthorized access, data extraction, etc.
- Ability to analyze forensic and log data to identify root cause and or indicators of compromise
- Advanced knowledge of Network Protocols, Packet Captures, Security Controls, Scripting, SIEM, standard ticketing systems, Open Source Tools, Web Application Firewalls, PKI, and vulnerability scanning
- Understanding of sound investigative techniques for suspected and confirmed incidents
- Ability to gather all relevant incident information, in accordance with incident management and response processes, and analyze incident information to understand the scope of the incident
- Experience with task automation and developing new and improved processes
- Desire to lead and work in a team environment and must have displayed team-centric and leadership skills, including leading and facilitating meetings (in-person and/or virtual)
- Must have a strong solution orientation
- Must have excellent problem solving and analytical skills, the ability to define problems, collect data, establish facts and draw valid conclusions.
- Must be able to work independently with a sense of ownership to accomplish department and project tasks.Must be committed to