Lead Cyber Defense Analyst - Remote

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

As a Cyber Defense Lead, you will join Experian's Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian's broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection.

You'll have opportunity to :

Monitor the daily operations of the team, being the primary liaison between analysts and leadership

Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis)

Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises

Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk

Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks

Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned

Ensure incident updates are performed, documented and that case hand-off processes are completed

Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management

Lead the development of relevant Standard Operating Procedures (SOPs), and training materials

Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments

5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead

Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field.

History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause

1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE)

Information security management certifications (CISSP, CISM)

Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain

Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)

Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender)

Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle)

Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch.

Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes.

Abvailable to work outside of normal work hours to respond to cybersecurity incidents

Benefits / Perks :

Great compensation package and bonus plan

Core benefits including medical, dental, vision, and matching 401K

Flexible work environment, ability to work remote, hybrid or in-office

Flexible time off including volunteer time off, vacation, sick and 12-paid holidays

Explore all our exciting benefits here :

At Experian, our people and culture set us apart. We're deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work / life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition : World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others.

Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote