Senior Incident Response Analyst

Dublin - Onsite

Description

Role

As a direct report to the Lead Incident Response Analyst, you will be a member of the client's enterprise Incident Response Team. You will belong to a team of strong people, processes, and technologies with the overarching goal of detecting and responding to threats in the several geographic environments monitored by the Global Centre of Excellence where you would be based.

Responsibilities
  • Monitor, manage, and coordinate the information collection and cataloging of activities from a variety of public and private security-related information sources, as well as documenting the initial analysis of vulnerability reports and how they may relate to the client
  • Review various alerts from the intelligence sources and identify any indicators of attacks that may be focused on the client or identify any activities from threat actors that may have an interest in the client
  • Conduct technical analysis and assessments of security-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis. Conduct the analysis of network traffic and output from various network-centric technologies. Analyze disk & memory images with the intent of recovering information related to a security incident. The analysis focus can include malicious or suspicious files, logs, registry entries, or indications of lateral movement or data exfiltration
  • Utilizing intelligence from various sources, define, build, test and implement correlation rules that support the monitoring and enforcement of security policies
  • Develop incident response plans and procedures, including identification, remediation, containment, and eradication procedures
  • Identify major threats that target the app users or utilize company infrastructure
  • Provide technology requirements for enabling technologies including but not limited to the SIEM, DPI, GRC, EDR/EPP, Intrusion Detection Systems, HIPS, Web Proxy/Content Filtering, Active Directory, PKI, Radius, multi-factor authentication, and commercial automated attack defence technologies
  • Provide input to cross-functional teams to ensure that log sources meet analyst needs and that sensors and collection devices are placed strategically throughout the environment
  • Work with Crisis Management to enable crisis procedures and execute when necessary
  • Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations
  • Development and maintenance of procedural documentation
  • Maintain and respond to changes in operational indicators and metrics
  • Support the onboarding of new products, data, processes, or tools by identifying requirements and integrating them into operations (processes, playbooks, and training)


Qualifications

Minimum Qualifications
  • Bachelor's Degree or industry equivalent work experience in international security architecture and engineering in a converged security program
  • CISSP, GCIA, GCIH, GREM or applicable experience in the Information Security field
  • At least 3-5 years of directly related experience
  • Experience in computer security incident handling and the Advanced Persistent Threat
  • Experience with applications of Artificial Intelligence in security
  • Ability to balance risks in ambiguous and complex situations.
  • Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.
  • Highly motivated to contribute and grow within a complex area of emerging importance.
  • Excellent fundamental knowledge of industry-standard frameworks (e.g., MITRE ATT&CK)
  • Strong analytical/problem-solving skills and cross-functional expertise across multiple IT operational and security disciplines
  • Ability to communicate technical concepts to a broad range of technical and non-technical staff
  • Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change


Preferred Qualifications
  • One or more programming/scripting languages (e.g., C++, Perl, Java, Python, etc.)
  • Malware analysis expertise
  • SQL Scripting knowledge and experience
  • Experience in performing or overseeing malware analysis
  • Experience in performing digital forensics for incident response
  • Strong Operating System Administration skills including conceptual knowledge of OS internals and experience with core service types
  • Strong experience with UNIX and Windows networking environments
  • Experience in maintaining a working knowledge of global attack groups and their tools, techniques, and procedures
Start date
02/2022
From
Source Technology
Published at
20.01.2022
Project ID:
2295396
Contract type
Permanent