Job Description:
This role sits within the Security Operations group, which protects and defends the organization. The Lead Incident Response Analyst will work both in a team environment and independently to analyze information security systems and threat intelligence in order to detect and respond to potential threats and to recommend mitigation strategies.
What You'll Do
" Function as a focal technical lead on incident events providing technical, hands-on investigation, and support
" Lead the investigative process for network intrusions, products, and other cybersecurity incidents to resolve the cause and extent of the attacks
" Handle the chain of custody for all evidence collected during incidents, security, and forensic investigations
" Summarize events and incidents effectively to different constituencies, such as legal counsel, executive management, and technical staff, both in written and verbal forms
" Perform sophisticated malware detection and threat analysis
" Prioritize and differentiate between potential incidents and false alarms
" Continuously review SIEM dashboards, system, application logs, Intrusion Detection Systems (IDS), and custom monitoring tools
" Perform QA and lead and train Tier 1 incident responders to investigate and resolve any security incidents while encouraging teamwork and growth
" Provide technical input into and analysis of strategic and tactical planning to ensure accurate and timely service deployments
" Stay up to date with current vulnerabilities, attacks, and countermeasures to effectively handle the responsibilities of this role
Job Qualifications:
" Bachelors degree in computer science/information security/similar major or demonstrable experience in a related field
" Deep understanding of security incident handling and forensics skills including probing and attack methods, network/service discovery, system assessment, viruses, and other forms of malware
" Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), phishing, malicious payloads, malware, applications, etc.
" Experience with information security technologies such as, but not limited to, SIEM, IPS/IDS, vulnerability management software, user behavior monitoring, unstructured data monitoring tools or internet content filters
" Solid grasp of network technologies including TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching
" Solid grasp of application/business/systems security analyst experience
" Strong analytical skills and attention to detail, as well as excellent communication skills
What Else
" Any of the following professional certifications: CISSP - Certified Information Systems Security Professional, CEH - Certified Ethical Hacker, CompTIA Security +, SANS GIAC, and Microsoft, Linux, Networking or related certifications
" Knowledge of offensive security techniques and familiarity with scripting languages and data analysis tools
" Experience working in a global company
" Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
" Experience leading small teams
Company Occupation:
Internet related
Company Size:
Medium (50 - 150)