Cybersecurity Analyst

Company Description

Join Wynn Resorts’ Information Security Operations Center (SOC) and help protect one of the world’s premier hospitality and gaming organizations. As part of our “WE Life” culture, you’ll lead a strategic group of analysts with hands‑on experience across the full incident lifecycle—detection, triage, response, and remediation—in a fast‑paced, high‑stakes environment.

The Cybersecurity Analyst is a critical member of our Info Sec team, responsible for safeguarding the integrity, confidentiality, and availability of Wynn’s data and systems. You’ll leverage advanced security tools, automation, and threat intelligence to proactively defend against evolving cyber threats across on‑premises, cloud, and hybrid environments.

• Monitor security alerts and logs across SIEM, EDR/XDR, firewalls/IDS, email security, identity management, and cloud platforms to identify potential security incidents.
• Perform multi‑level triage (Level 1–3): assess alerts, validate relevance/impact, elevate or close as appropriate.

• Conduct deep investigations of confirmed incidents, including event timeline reconstruction, scope determination, containment, and remediation recommendations.
• Correlate data across identity, endpoint, network, application, and cloud sources to identify suspicious activity (e.g., abnormal logins, privilege escalation, data exfiltration).

• Consume, analyze, and operationalize threat intelligence feeds to proactively identify emerging threats.
• Develop and use scripts (Python, Power Shell) to automate detection, investigation, and reporting tasks.

• Conduct vulnerability scans, risk assessments, and basic penetration testing; coordinate remediation with IT teams.
• Support patch management and ensure alignment with security frameworks (NIST, ISO, CIS) and regulatory compliance (PCI‑DSS, HIPAA, GDPR).

• Support or deliver security awareness training and phishing simulations for staff.
• Collaborate with IT, compliance, business units, and senior Info Sec engineers to coordinate incident response and remediation efforts.

• Generate clear, high‑quality incident and investigation reports for technical and business audiences.
• Maintain and update inventories of critical assets: identity stores, privileged accounts, data stores, endpoints, applications.

• Tune and improve detection rules, playbooks, and runbooks based on incident learnings and the evolving threat landscape.
• Leverage SOAR and AI/ML tools to enhance SOC efficiency and threat detection.

• Participate in periodic security audits, reviews, and preparedness exercises.
• Provide on‑call support for after‑hours incident detection and response, as required.

• Bachelor’s degree in computer science, Information Security, Cybersecurity, or related field—or equivalent work experience.
• 2–5 years hands‑on experience in security operations, SOC, or similar roles, including alert triage, incident response, log investigation, EDR/IDS/Firewall monitoring, or SIEM operations.
• Proficiency with SIEM, EDR/XDR, firewalls/IDS, identity management, endpoint monitoring, and log analysis.
• Basic scripting skills (Python, Power Shell) for automation and analysis.
• Experience with cloud security monitoring and incident response (AWS, Azure, GCP).
• Knowledge of security frameworks (NIST, ISO, CIS) and regulatory compliance (PCI‑DSS, HIPAA, GDPR).
• Certifications:
  
  CompTIA Security , CySA , CEH, CISSP, CISM, GIAC, or cloud security certifications (AWS Certified Security, Azure Security Engineer) preferred.
• Strong analytical thinking, investigative mindset, attention to detail, and ability to handle ambiguous or incomplete data.
• Excellent communication skills—written and verbal—to document incidents, interact with stakeholders, and explain technical issues to non‑technical audiences.
• Ability to work collaboratively, adapt to changing priorities, and operate under pressure.

• Previous experience in hospitality, gaming, or large…