About our Team
Global Cyber Security Office - The Global CSO's mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.
A passion for research and uncovering the unknown about cyber security threats and threat actors.
Use threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors.
Provide expert analytic investigative support of large scale and complex security incidents.
Continuously improve processes for use across multiple detection sets for more efficient operations.
Review alerts generated by security infrastructure for false positive alerts and modify as needed.
Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors.
Create and tune models / SIEM alerts for automated response orchestration.
Review security events to determine impact to CBRE.
Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise.
Collaborate with the global security operations teams to provide targeted threat hunting reports on a regular cadence.
Take escalations from the global security operations center and treat appropriately.
Establish runbooks and assist with tabletop exercises.
Experience leading complex technical projects, meeting target timelines, facilitating project meetings, authoring project documentation, and negotiating issue resolution
Required Knowledge and Skills:
Understanding of the tactics, techniques, and procedures (TTPs) used by threat actors against endpoints
Intermediate to Expert experience managing policies and tuning within Carbon Black Defense and Response
Familiarity with modern methods of network and endpoint attacks and compromise such as MITRE ATT&CK techniques
Experience with vendor endpoint security controls
Experience with network-based endpoint security controls
Proven ability to work in a team-oriented, collaborative environment
Direct experience with Linux/Unix and Windows operating systems, enterprise SIEM, and packet capture analysis toolsets
Knowledge of regular expressions and at least one scripting language (Perl, Python, PowerShell)
Experience with PowerBI Reporting is a plus
Qualifications and Education:
5-7 yrs. of IT security experience or equivalent skills
Minimum of 3+ years of related working experience in endpoint security preferred
One or more security-related certifications, such as CISSP, GIAC, or GCIH, is highly desired
Bachelor's Degree preferred
Internal Number: 20022503
With broader and deeper capabilities than any other company, CBRE is the leading full-service real estate services and investment organization in the world.
CBRE Group, Inc. is the world’s largest commercial real estate services and investment firm, with 2017 revenues of $14.2 billion and more than 80,000 employees (excluding affiliate offices). CBRE has been included in the Fortune 500 since 2008, ranking #214 in 2017. It also has been voted the industry’s top brand by the Lipsey Company for 17 consecutive years, and has been named one of Fortune’s “Most Admired Companies” in the real estate sector for six years in a row. Its shares trade on the New York Stock Exchange under the symbol “CBRE.”
CBRE offers a broad range of integrated services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services.