Cyber Security Incident Response Analyst Jobs

Mandatory Skills:- host forensics, mal analysis and Industrial Control Systems.

Location:- Houston, Texas (Preferred)/Washington, DC/San Ramon, CA (Hybrid 1-2 Day/week Onsite)

Job Type:- Long Term Contract

Experience using BMC Remedy or ServiceNow service management/ticketing system is desirable.

Provides knowledge and expertise in tools, techniques, countermeasures, and trends in computer and network vulnerabilities and threats.

Network Packet capture (PCAP), report writing, remote forensics, Splunk UBA and Splunk SOAR experiences are nice to have.

BS or equivalent + 5 years related experience, or MS + 3 years related experience.

Hands-on experience with Splunk Enterprise Security performing searches and reviewing log sources.

Must have recent hands-on experience with incident response life cycles including analysis, containment, eradication, recovery, and post incident activities.

•Experience with SIEMs and case management systems

•Desire to bring innovative ideas and experience to help further the SOC’s capabilities

•Desire to mentor and help junior analysts gain knowledge and experience

Interested in joining the team? Check out our perks and benefits !

•Real-world experience managing incident response situations of varying complexity.

•Strong organizational and communication skills

2+ years’ experience in Security/Network Administrator or equivalent knowledge

Knowledge of system and application security threats and vulnerabilities

Assist with the analysis of previously undisclosed software and hardware vulnerabilities

Other tasks and responsibilities as assigned

Knowledge of incident response procedures, processes, and techniques

Knowledge of various host and network-based security controls

Serve as point of contact for ACS vulnerability management scanning tools with workstation vulnerabilities.

Hands-on experience with Rapid 7, Qualys and/or competing Vulnerability Management solutions.

Design and provide vulnerability management metric reports to management and stakeholders as necessary.

Continuous assessment of identified vulnerabilities and collaboration with other teams for remediation.

Prioritize vulnerabilities discovered along with remediation timeline(s)

Send and receive notifications to the SMEs (subject matter experts) of vulnerabilities within the environment.

Creation and management of tabletop exercises

Experience handling SOC related alerts

Architect and build deceptive technologies infrastructure & reporting

Build IR communications plans and templates

Identifying, building, and testing IR technical playbooks

Work on security alerts to identify issues

Prior cyber experience in two (2) or more of the following:

Knowledge of how malware operates.

Experience with forensics tools and analysis

Skilled in event analysis leveraging computer forensics tools

Excellent written and verbal communication skills

Develop high-quality customer deliverables that meet the expectations of the organization. This includes:

Hybrid/Flexible : Work at home and use the office as appropriate for in-person collaboration.

4 Year/Bachelor's degree or equivalent work experience

Monitor, defend and protect perimeter interface for malicious network traffic.

Responding to host based alerts

Performing network analysis of egress and ingress traffic.

Conduct real-time analysis using the SIEM and other security analytics tools.

Proficiency leading projects and project management experience with a focus on delivering results.

Experience managing, leading, and working with remote/distributed teams with diverse backgrounds.

Manage Security Operations Center personnel, partner relationship and supporting technologies.

Assist in ensuring the performance of key partner relationships and managed security services providers.

Required: 5-7 or more years relevant professional experience in a SOC performing IR.

Ninja-level knowledge of Windows, Linux Internals, Network Threat Identification, Cloud Security Protections.

5-7 years of Information Security or Incident Response related experience

Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.

Strong knowledge of enterprise detection technologies and processes (Detection Tools, IDS/IPS, EDR, NDR, Network Packet Analysis, Endpoint Protection).

Demonstrated experience with utilizing SIEM (such as Splunk)

This is a fully remote contract -

• Develop and administer data security policies

2+ years of development experience with scripting languages such as Python and JavaScript

4+ years of progressive technical experience in a Computer Science and/or a Cybersecurity domain

Experience integrating web-services such as API and REST

Experience with UNIX/Linux, Windows, and Containerization

Knowledge of cybersecurity tools such as SIEM, IDS, EDR, etc.

Knowledge of common cybersecurity attack methods

Knowledge of threat intelligence, vulnerability management, and security incident response best practices.

Threat Intelligence and Vulnerability Management

Experience in working within a Cyber Incident Response Team or Security Operations Center.

Experience with using SIEM systems, network security tools, and log analysis tools.

Knowledge of cybersecurity principles, incident detection, analysis, and response methodologies.

Knowledge of operating systems, network protocols, and security technologies.

Strong security-related experience, to include data analysis and data science skills

Must be committed to incorporating security into all decisions and daily job responsibilities

3+ years of related experience

Professional security experience such as: incident response, alert monitoring, cloud security, forensic investigations, security awareness, etc.

Excellent problem solving and analytical skills, the ability to define problems, collect data, establish facts and draw valid conclusions

Strong documentation and reporting skills