• Cyber Threat Detection and Response Team Specialist - CTDR

    Location: US-RI-Johnston
    Work Location: Works from an office location
    Information Services - Information Security
  • Overview

    FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.

    Responsibilities

    FM Global is looking for an experienced and dedicated senior-level cyber professional to complement and help lead our existing Cyber Threat Detection and Response Team (CTDR). The CTDR team is responsible for planning, designing, building, operating, and maintaining FM Global's enterprise cyber threat detection and response capabilities. This includes program services such as threat intelligence, threat hunting, threat research, and content development for cyber threat monitoring platforms (SIEM/UEBA/SOAR). The successful candidate will be an experienced practitioner who has built these capabilities before, together with the sustainable processes needed to deliver them to the enterprise.


    They should take pride in the quality of their work, and the effectiveness of the cyber security controls for which they are responsible. 


    The successful candidate will react quickly, decisively, and deliberately in high-stress, high-impact situations and will collaborate with others to understand those situations and provide guidance. They will also have strong decision-making skills and the ability to implement and measure processes so that effectiveness and consistency can be demonstrated.

    Qualifications


    • Bachelor's degree in Information Security / Assurance, Computer Science, Information Technology, or a related discipline; or a non-related degree combined with equivalent work experience or technical training. (Related certifications such as LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCIH, CISSP, CISM, CISA, CEH, GPEN, GCED, or other GIAC certifications are a plus.)


    • Minimum of five (5) years of progressive experience in cyber security or a related discipline.


    Skills and Abilities:

    • Strong verbal and written communication skills.
    • Solid interpersonal skills.
    • Ability to coordinate activities with team members and other stakeholders.
    • Excellent customer service skills.
    • Strong work ethic, good time management skills, and a positive attitude.
    • Ability to work independently or on a team.
    • Ability to multi-task and change priorities with effective results.

    • An understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures those threats use.
    • Working familiarity with cyber security frameworks (such as the Cyber Kill Chain and MITRE ATT&CK) and experience applying those frameworks to an enterprise security program.
    • Experience developing meaningful metrics that demonstrate the value of cyber threat detection and response practices to the enterprise and/or provide a real-time picture of the cyber threat landscape for our specific organization or industry.
    • Experience using discovery/reconnaissance/OSINT tools, e.g. nmap, BloodHound, Shodan.
    • Experience researching attack patterns and understanding an attacker's tactics, techniques, and procedures (TTPs).
    • Ability to define and continuously improve processes that make threat hunting operations more efficient.

    • Experience configuring and tuning data sources (vendor-provided/third-party/open-source), rules, and alerts.
    • Ability to identify visibility gaps and develop options to address them.
    • Experience creating automated log correlations in SIEM/UEBA to identify anomalous and potentially malicious behavior.
    • Ability to provide expert investigative support for security incidents.
    • Experience using reliable online sources to analyze emerging threats.
    • Ability to work with the cyber threat operations and engineering teams, as well as other IT disciplines, to design new controls and procedures that prevent recurrence of common threats.