The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year. The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels. ELC prizes the confidentiality of its consumers and therefore places a premium on cybersecurity. As the business world becomes increasingly digital and cyber threats grow in number and in sophistication, ELC will continue to invest and develop a proactive people-centered, cybersecurity program. The Enterprise Cybersecurity and Risk (ECR) team leads these efforts. The ECR Cyber Threat Management Senior Analyst for Threat Intelligence will be part of a small but highly skilled team that is focused on providing to the enterprise its cyber threat intelligence, consistent with the threats and scale of a Fortune 500 retail, wholesale, and manufacturing enterprise entering a period of rapid business growth through innovation and acquisition. Projects of the threat intelligence team could be focused on research and thought leadership around. threat modeling, threat intelligence, insider threat, awareness and education, risk metrics, security analysis, and the interruption of the kill chain. Cyber Threat Intelligence is involved in all aspects of the business, including all brands, functions, and regions worldwide, and thus requires interaction, in partnership with the ECR Risk, Solutions and Assurance team, with all levels of technical and business acumen.
This role necessarily deals with highly confidential and sensitive information, and the role is expected to conform to best handling practices.
Impact the global Cyber Threat Intelligence function, including collaboration with Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information technology (IT) teams, and leadership across brands, functions, and regions. Focus on threat intelligence and contribute to Security Operations Center (SOC) projects, which include security analysis, threat intelligence, insider threat, and metrics.
This will require emergency decisions in response to active attacks outside of routine technology processes and communication of those decisions to technical personnel and leaders.
Responsibilities will include high-priority work from the following projects:
Threat Intelligence/Threat Education & Awareness •Threat Intelligence Vendor + Monitoring •Cyber Threat Management Advisories •ECR Daily Threat Briefing Script Maintenance •Threat Matrix (High-Level Deck) •Prioritized Uplifts based on Cyber Threat Landscape •Threat Intelligence Automated Indicators of Compromise Feeds Program Management
Security Analysis/Monitoring/Incident Response •Operational Support for Investigations/Forensics •Incident Response Procedures/Policies/Mini-Exercises
Information security familiarity with CyberSecurity operations (identify, protect, detect, respond, and recover functions); malware, and attack patterns (offensive and defensive technologies); scenario planning; mobile security; threat intelligence monitoring; and information security metrics. Hands on experience in these domains and other key technology domains, such as coding/developing, understanding technology standards, understanding attack methodologies, deploying new technologies, and integrating new and existing technologies is preferred, but not required.
Inquisitiveness to understand global, regional, and local cyber threats across the retail industry as well as to supply chain, R&D, manufacturing. Ability to understand and communicate impact of threats “standard” technology platforms and applications.
Understanding of retail/manufacturing sufficient to correlate attackers' motives and capabilities to business impacts and to make appropriately control adjustment recommendations. Experience working in or with a 24/7 cyber threat management operation (e.g. a Security Operations Center (SOC)). Experience generating metrics and driving efforts to completion is preferred, but not required.
Strong communication and report writing skills, to translate complex cyber threat intelligence topics into business impact and business concerns.
Experience handling, securing, and communicating highly confidential and sensitive information.
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
Job Number: 1925079
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.
Apply on company website