Purpose of Job: This role is an individual contributor for the Security Incident Response Team. As the team has developed into a 24/7 365 operation, we require strong individual contributors that will investigate, analyze and contain security incidents.
Please note this will be shift work, and Analysts would be required to work mid shifts and late shifts.
Major Responsibilities
1. Monitor security intake technologies for reports of security incidents.
2. Perform analysis on cybersecurity alerts in both On-Premises or Cloud environments.
3. Provide engineering consulting and implementation expertise in support of new initiatives.
4. Review security tools for opportunities to improve alerting.
5. Produce detailed incident reports and security recommendations.
6. Mentor analysts, providing training and guidance through complex incidents.
7. Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time-sensitive environment.
8. Lead security, policy and privacy related events and incidents.
9. Manage containment and remediation efforts of affected assets, IOCs, and TTPs.
10. Hold stakeholders accountable for remediation actions.
11. Integrate and collaborate with other subject matter experts throughout the organization.
12. Liaison with Cyber Defense, Privacy, Compliance, Legal, and Architecture teams.
13. Influence the creation and/or adoption of new standards and procedures.
14. Identify deficiencies in processes and tools, recommend security controls and/or corrective actions for mitigating technical and business risk. Contribute to Lessons Learned Meetings.
Qualifications
1. 4 or more years of IT Security or Cyber Security experience in Incident Response and any of the below:
1. Cybersecurity threat detection, monitoring and reporting.
2. Cyber Intelligence and Threat Hunting.
3. Cyber SOAR Automation Engineering.
4. Digital Forensics.
2. Must be able to work off shift hours (e.g. Evening, Nights and Weekends).
3. Experience analyzing attack vectors, current threats, and security remediation strategies.
4. Experience with SIEM technologies, EDR technologies, and/or Asset isolation tools.
5. Networking experience (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), System Administration, and Security Architecture.
6. High level familiarity of global privacy regulations and legislations (GDPR, UK-DPA, HIPAA etc).
7. Experience in public cloud platforms, including Azure, AWS, and Google Cloud Platform.
8. Information Technology Industry Certification.
Assets
1. Undergraduate degree or equivalent experience.
2. PowerShell, KQL, or Python scripting experience.
3. Knowledge of Crowdstrike, Defender stack and Google SecOps.
4. Understanding of NIST 800-61, Cyber Kill Chain, and MITRE ATT&CK framework.
#J-18808-Ljbffr