Lead Cyber Defense Analyst

Job description

Company Description

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Job Description

As a Cyber Defense Lead, you will join Experian’s Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian’s broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection.

You’ll have opportunity to:

• Monitor the daily operations of the team, being the primary liaison between analysts and leadership
• Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis)
• Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises
• Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk
• Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks
• Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned
• Ensure incident updates are performed, documented and that case hand-off processes are completed
• Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management
• Lead the development of relevant Standard Operating Procedures (SOPs), and training materials
• Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments

Qualifications

• 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead
• Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field.
• History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause
• 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE)
• Information security management certifications (CISSP, CISM)
• Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain
• Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)
• Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender)
• Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle)
• Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch.
• Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes.
• Abvailable to work outside of normal work hours to respond to cybersecurity incidents

Additional Information

Benefits/Perks:

• Great compensation package and bonus plan
• Core benefits including medical, dental, vision, and matching 401K
• Flexible work environment, ability to work remote, hybrid or in-office
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays
• Explore all our exciting benefits here: https://yourexperianbenefits.com/cand-index.html

At Experian, our people and culture set us apart. We’re deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition: World’s Best Workplaces™ 2024 (Fortune Top 25), Great Place To Work™ 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others.

Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian’s DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote