Principal Cybersecurity Threat Content & Automation Analyst - Remote

Full Time
Marlborough, MA 01752
Job description

Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?

What you’ll do

The Cybersecurity Alert Response team fulfills a critical role for IT Security – monitoring, alerting, and responding to detected security signals. The team partners with security & other IT technology owners to develop security monitoring and alerting strategies and implementations that quickly identify security threats and turn them into action to defend protected IT assets, including data, devices, and infrastructure. We are looking for a motivated and experienced Threat Content & Automation Analyst to help us mature our security monitoring and detection capabilities.


As a Threat Content & Automation Analyst, you will define strategies for turning security signals into detections, generating alerts for presentation to alert analysts who, in turn, assess and take appropriate action. You will partner with leaders in other IT Security services such as Threat Actor Emulation and Threat Hunting to ensure that proper defenses exist for common, known security threats in our environment and also ensure that we can ward off many threat actors. Security technology teams will work with you to ensure that any technology’s built-in detections can be handled appropriately by operations teams, and that we can build custom detections when required. Finally, you’ll play a key role in building and implementing an automation strategy, integrating the use of security orchestration, automation, & response (SOAR) technology to provide contextual data and make alert analysis more efficient, making our security defenses more effective with speed.


What you’ll need

Our team is looking for people with a passion for cyber security, intellectual curiosity, and willingness to drive better solutions and get results. We want associates that are familiar with fostering a strong collaborative environment in high-pressure situations, responding with appropriate speed and urgency to critical security issues. You’ll need to know many of the most common technologies used for security monitoring & alerting, including deep details of SIEM and SOAR technology application in a large-scale environment, along with common patterns for security detection.


Successful Candidates will have:

  • Minimum of 8 years of IT Security experience
  • Bachelor’s degree or equivalent experience in Cyber Security, Information Technology, Information Assurance, or a related field
  • Experience in cybersecurity threat operations, including the processes of collection, processing, correlation, alerting, and response actions taken in defense of a large-scale cloud and on-prem application environment
  • Knowledge and expertise in key SIEM and SOAR techniques and technologies such as Splunk, Splunk Enterprise Security (ES), Anvilogic, Palo Alto Cortex XSOAR, and other related technologies
  • Knowledge and expertise in common programming languages used in security technology integration: Splunk Search Processing Language (SPL), Python, SQL/KQL, and simple scripting (PowerShell, Bash)
  • A strong aptitude and a “can-do” attitude, with a willingness to teach other technology teams how to best generate appropriate security alerts for handling by cybersecurity threat operations teams

Preferred Qualifications

  • Master’s degree or equivalent experience in Cyber Security, Information Technology, Information Assurance, or a related field
  • Direct, relevant experience in Security Operations Center (SOC) content development and automation implementations
  • Certifications such as CISSP, CompTIA Security+, etc.
  • Familiarity with the NIST Cyber Security Framework (CSF), common security controls and their purposes, and technologies that supply those controls


Join us and Discover Different at TJX.


Full COVID-19 vaccination, including a booster once eligible, is a condition of employment at TJX, subject to reasonable accommodation where required by law.



Come Discover Different at TJX. From opportunity and teamwork to growth, we think you’ll find that it’s so much more than a job. When you’re a part of our global TJX family, you have the full support of a diverse, close-knit group of people dedicated to finding great deals and fantastic style. Best of all? They have a lot of fun doing it.

We care about our culture, but we also prioritize the tangible stuff (Competitive salaries: check. Solid benefits: check. Plenty of room for advancement: of course). It’s our way of empowering you to make your career here.

We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.
