Cyber Security Incident Response Analyst

The Information Security Office’s vision is to realize a culture of security that manages risks, defends against threats, and integrates information security into business and technology. The Global Cyber Security (GCS) Team supports this vision though the detection, analysis, and mitigation of cyber security threats facing. The Digital Forensics and Incident Response (DFIR) Team under GCS is responsible for the coordination and investigation of cyber security incidents, forensic analysis, and forensic data collection in support of business functions.

As a Senior Security Analyst on the DFIR Team, you will:

• Perform work in a fast-paced environment utilizing a set of security related tools (e.g. WAF, SOAR, SIEM, UBA, IDS/IPS, anti-virus, firewalls, etc.), developing new team processes, verifying/testing new monitoring tools, and working with internal/external teams on security issues
• Conduct investigations into moderate to complex cyber security incidents using fundamental incident response processes and approach
• Use lessons learned to improve security posture in conjunction with the GCS leadership team
• Coordinate resources during a cyber-security event, driving issues to a timely and complete resolution
• Ensure forensic practices are followed in the collection and preservation of data related to security incidents, legal holds, and other investigations
• Ensure constant state of incident readiness that adapts to the changing threat landscape by maintaining playbooks and processes used by the team
• Present complex technical incident details to legal, privacy, and senior leadership for evaluation
• Conduct analysis, response, triage, recovery, and improvements for security events
• Use data to aid in decision-making by not only looking at data provided, but also determining what additional data might be needed

Required:

• Knowledge of Network Protocols, Packet Captures, Security Controls, Scripting, SIEM, standard ticketing systems, Open Source Tools, Web Application Firewalls, PKI, and vulnerability scanning
• Strong documentation and reporting skills
• Ability to gather all relevant incident information, in accordance with incident management and response processes, and analyze incident information to understand the scope of the incident
• Experience responding to security incident types, such as DDoS attacks, anomalous activity, malware infections, APT activity, unauthorized access, data extraction, etc.
• 3+ years of related experience
• Must be able to work independently with a sense of ownership to accomplish department and project tasks
• Excellent problem solving and analytical skills, the ability to define problems, collect data, establish facts and draw valid conclusions
• Must have displayed team-centric and leadership skills, including leading and facilitating meetings (in-person and/or virtual)
• Ability to analyze forensic and log data to identify root cause and or indicators of compromise
• Professional security experience such as: incident response, alert monitoring, cloud security, forensic investigations, security awareness, etc.
• Ability to maintain a high degree of confidentiality
• Strong security-related experience, to include data analysis and data science skills
• Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future
• Ability to collect large sets of structured and unstructured data from disparate sources; analyze that data to identify trends and patterns; interpret the data to discover solutions and opportunities; and create reports, presentations, or dashboards to communicate findings to technical and non-technical audiences
• Must be committed to incorporating security into all decisions and daily job responsibilities
• Experience with task automation and developing new and improved processes
• Must have a strong solution orientation
• Understanding of sound investigative techniques for suspected and confirmed incidents

Preferred:

• Prior experience in incident response related directly to moderate to complex security incidents
• Experience conducting data analysis using tools such as Python, R, Tableu, or PowerBI
• Bachelor's degree in Cyber Security, Computer Science, Computer Information Systems, Management Information Systems, or extensive security related experience OR equivalent combination of education and experience is preferred
• Security related certifications such as: CISSP, CompTIA Security +, GCIH, security tool certs
• Linux Shell Scripting (Python Shell Scripting preferred)

Pay Range: $100,000- $140,000. The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision as well as 401K contributions.

#LI-REMOTE