Overview
Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - W2
Skills
Amazon Web Services
CISSP
Certified Ethical Hacker
Cloud Computing
Forensics
Cyber Security
IT Security
SIEM
Splunk
Microsoft Azure
Incident Management
Crowdstrike
investigator
Vulnerability Assessment
Job Details
Job Title: Threat and Incident Response Analyst - Cybersecurity Investigator
Location: Hybrid, Chicago, IL
Duration: 12+ Months with potential extensions
Manager Notes:
- This role is for our Threat and Incident Response Team so I'm looking for an experienced Cybersecurity investigator. I don't need somebody with Forensics skills but familiarity with Splunk, Crowdstrike, AWS, and even Azure, particularly responding to security incidents in AWS and Azure environments.
- In addition, we're looking for somebody with experience building searches and reports in Splunk to assist with incident response and who can assist the team with building new playbooks and integrating new tools and capabilities into the existing response workflows.
Job Description: Key Responsibilities:
- Monitor and analyze security events, incidents, and vulnerabilities to identify potential threats and risks to the organization's IT infrastructure.
- Respond to security incidents in a timely and effective manner, following the incident response process and procedures.
- Collect, analyze, and preserve digital evidence related to security incidents.
- Develop and maintain incident response procedures and playbooks.
- Develop SIEM searches, alerts, and dashboards as needed for incident response and security monitoring.
- Work with the Bank's Managed Security Services Provider as well as Security and IT partners to investigate suspicious and malicious activity.
- Participate in tabletop exercises, drills, and simulations to test the organization's incident response plans and procedures.
- Stay up-to-date with the latest security technologies, trends, and threats to recommend best practices and solutions to enhance the organization's security posture.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field.
- At least three to five years of experience in IT security, with a focus on security operations.
- Knowledge of security technologies, such as firewalls, intrusion detection and prevention systems, antivirus software, and vulnerability assessment tools.
- Experience in conducting incident response and investigations, particularly in cloud environments such as AWS and Azure.
- Familiarity with security frameworks, such as NIST, ISO, and CIS.
- Strong analytical and problem-solving skills.
- Experience in creating alerts and other content in Splunk or other security tools is a plus.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team in a fast-paced, dynamic environment.
- Relevant certifications, such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH), are preferred.