Senior Incident Response Analyst

This is a remote position.

Resolves security incidents recommending enhancements to improve security identifying common attack patterns to publicly exposed aspects of the organizations environment and contributing to the implementation of scalable and preventative security measures. Executes the enterprise-wide Incident Response Plan. Partners with business units to accomplish enterprise-wide remediation and develops and delivers presentations to the senior leadership team.

• Reviews current configurations production information systems and networks against compliance standards
  
• Prepares for the prevention and resolution of security breaches and ensures incident and response management processes are initiated
  
• Implements and discusses security service audit schedules reviews access authorization and performs the required access controls testing to identify security shortfalls
  
• Designs of automated scripts contingency plans and other programmed responses that are launched when an attack against systems has been detected
  
• Collaborates with Information Security Architects Information Security Engineers and software or hardware stakeholders
  
• Notifies internal and/or external teams according to agreed alert priority levels escalation trees triaging of security alerts events and notifications
  
• Ties third-party attack monitoring services and threat reporting services into internal CIRT (Cyber Incident Response Team) communications systems
  
• Performs post-mortem analysis with logs network traffic flows and other recorded information to identify intrusions by unauthorized parties as well as unauthorized activities of authorized users
  
• Performs other duties as assigned
  
• Complies with all policies and standards
  

Requirements

Education/Experience:

• 4-6 years of Cloud cybersecurity experience performing incident triage and response
  
• Intermediate-to-advanced understanding of AWS and Azure environments
  
• Knowledge of tools techniques and processes (TTP) used by threat actors
  
• Knowledge of Indicators of compromise (IOC)
  
• Knowledge of Wiz & Wiz Defend
  
• Experience with Endpoint protection and enterprise detection & response software (such as CrowdStrike MS Defender etc.)
  
• Knowledge of Network and infrastructure technologies including routers switches firewalls etc.
  

• Intermediate - Seeks to acquire knowledge in the area of specialty
  
• Intermediate - Ability to identify basic problems and procedural irregularities collect data establish facts and draw valid conclusions
  
• Intermediate - Ability to work independently
  
• Intermediate - Demonstrated analytical skills
  
• Intermediate - Demonstrated project management skills
  
• Intermediate - Demonstrates a high level of accuracy even under pressure
  
• Intermediate - Demonstrates excellent judgment and decision-making skills
  

• SANS GIAC Security Essentials (GSEC) SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred
  

Benefits