Job Details
Corp to Corp allowed
Interview Mode: Onsite interview required (local candidates only)
Duration: Contract for 12+ Months
Location: Onsite in Midtown, NYC 10019
Client: Investment banking; prior experience in that industry is preferred.
Summary:
The Cybersecurity Incident Response Senior Analyst plays a pivotal role in safeguarding the client's digital assets by identifying, investigating, and mitigating cybersecurity incidents in accordance with internal and regulatory requirements. The ideal candidate will possess a foundation in governance, a strong technical background, sound analytical thinking, and a deep understanding of the threat landscape. This is a hands-on role requiring collaboration across the enterprise.
Key Responsibilities
Incident Detection and Response
- Support the firm's follow-the-sun processes, ensuring continuous security monitoring of global networks.
- Monitor alerts from security platforms (SIEM, phishing, DLP, threat intelligence, etc.) and escalations from users, management, and the SOC, and respond effectively to anomalous and/or malicious activity.
- Triage and prioritize events and incidents based on severity, impact, and scope.
- Conduct root cause analysis and lead containment, eradication, and recovery efforts.
- Analyze host-based and network-based artifacts and logs to reconstruct timelines.
- Proactively search for indicators of compromise (IOCs) across systems and networks.
- Collect and preserve evidence from endpoints, servers, and logs in a legally defensible manner.
- Continuously monitor threat intelligence and open-source advisories to proactively identify and respond to emerging threats.
- Correlate findings with threat intelligence to contextualize them and steer investigations.
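Two of the duties above, reconstructing a timeline from host and network logs and sweeping those logs for IOCs, come down to the same mechanics: normalize every timestamp to UTC, refang the indicators as received from an intelligence report, and merge events from different sources into one ordered view. The following is an added illustration written for this page, not code from the posting or the client. The log formats, the asset map, and every hostname, IP, hash, and domain are constructed; the only real-world detail it relies on is that endpoint logs often carry local time with an offset while proxy logs carry Unix epoch seconds.

```python
"""Added example: IOC sweep plus cross-source timeline reconstruction.

Parses a constructed endpoint log (local time with UTC offset, key=value
fields) and a constructed web-proxy log (Unix epoch, space separated),
normalises timestamps to UTC, refangs a small IOC list, tags every event
that contains a matching indicator, and returns one ordered timeline.
Formats, assets and indicators are all hypothetical."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from urllib.parse import urlparse

EVIL_SHA256 = "0f" * 32                     # constructed hash, 64 hex chars

# Constructed endpoint log: "<local time> <offset> key=value ..."
HOST_LOG = f"""\
2024-05-14 08:57:40 -0400 host=WS-0412 user=jdoe event=process_create image=C:\\Windows\\System32\\notepad.exe sha256={'11' * 32}
2024-05-14 09:02:11 -0400 host=WS-0412 user=jdoe event=process_create image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe sha256={EVIL_SHA256}
2024-05-14 09:03:58 -0400 host=WS-0412 user=jdoe event=network_connect dest=198.51.100.23:443 image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe
"""

# Constructed proxy log: "<epoch> <src ip> <method> <url> <status>"
PROXY_LOG = """\
1715691600 10.20.4.17 GET http://intranet.example/news 200
1715691725 10.20.4.17 GET http://cdn-updates.example/payload.bin 200
1715691840 10.20.4.52 GET http://cdn-updates.example/payload.bin 200
"""

# Constructed IP-to-hostname map (in practice from DHCP/CMDB at the time).
ASSET_MAP = {"10.20.4.17": "WS-0412", "10.20.4.52": "WS-0207"}

# IOCs as they arrive in a defanged report; case and defanging must not
# prevent a match.
IOCS = [
    "hxxp://cdn-updates[.]example/payload.bin",
    "198[.]51[.]100[.]23",
    EVIL_SHA256.upper(),
]


@dataclass
class Event:
    ts: datetime               # timezone-aware UTC
    source: str                # "endpoint" or "proxy"
    asset: str                 # hostname (proxy src IP resolved via ASSET_MAP)
    summary: str
    indicators: list[str]      # values in this row worth comparing to IOCs
    iocs: list[str] = field(default_factory=list)   # filled by build_timeline


def refang(ioc: str) -> str:
    """Undo common defanging so report IOCs compare equal to raw log values."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":").strip().lower()


HOST_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (.*)$")


def parse_host_log(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        # %z consumes the offset, so local time becomes a proper UTC instant.
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S %z").astimezone(timezone.utc)
        kv = dict(p.split("=", 1) for p in m.group(2).split() if "=" in p)
        dest_ip = kv.get("dest", "").split(":")[0]
        summary = " ".join(x for x in (kv["event"], kv.get("image", ""), kv.get("dest", "")) if x)
        events.append(Event(ts, "endpoint", kv["host"], summary,
                            [kv.get("sha256", ""), dest_ip]))
    return events


def parse_proxy_log(text: str, asset_map: dict[str, str]) -> list[Event]:
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        epoch, src, method, url, status = parts
        ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
        events.append(Event(ts, "proxy", asset_map.get(src, src), f"{method} {url} {status}",
                            [url, urlparse(url).hostname or ""]))
    return events


def build_timeline(events: list[Event], iocs: list[str]) -> list[Event]:
    """Order all events by UTC time and tag each with the IOCs it contains."""
    ioc_set = {refang(i) for i in iocs}
    timeline = sorted(events, key=lambda e: e.ts)
    for e in timeline:
        e.iocs = sorted(ioc_set.intersection(i.lower() for i in e.indicators if i))
    return timeline


def ioc_hits(timeline: list[Event]) -> list[Event]:
    return [e for e in timeline if e.iocs]


def affected_assets(timeline: list[Event]) -> list[str]:
    return sorted({e.asset for e in ioc_hits(timeline)})


if __name__ == "__main__":
    tl = build_timeline(parse_host_log(HOST_LOG) + parse_proxy_log(PROXY_LOG, ASSET_MAP), IOCS)
    for e in tl:
        flag = " <-- IOC " + ", ".join(e.iocs) if e.iocs else ""
        print(f"{e.ts:%Y-%m-%dT%H:%M:%SZ} {e.source:8} {e.asset:8} {e.summary}{flag}")
```

Run as a script it prints the merged timeline; the point to notice is that once both sources are in UTC, the proxy download precedes the process creation on WS-0412 by six seconds, and the same URL fetched from a second workstation widens the scope of the incident. Evidence that goes into a case file should still be the raw log exports with hashes recorded, not the normalized view this produces.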
Governance, Risk, and Compliance (GRC) Support
- Ensure all incident response practices and activities align with internal security policies, procedures, runbooks, and regulatory mandates.
- Support assessments, audit, and regulatory examinations by maintaining and providing incident-related evidence and documentation.
- Maintain thorough and complete documentation of all actions taken during incident response activities in accordance with policies and established incident response playbooks.
- Maintain policies, procedures, and playbooks related to incident response.
Reporting & Metrics
- Generate weekly and monthly reports and dashboards tailored for both technical and executive audiences.
- Communicate business impact of CSIRT activities in a clear, risk-aligned manner.
- Define, maintain, and report metrics, KPIs, and KRIs to measure program performance, risks, effectiveness, and compliance.
Collaboration and Communication
- Coordinate analysis and response efforts for security incidents, ensuring minimal impact and quick recovery.
- Work closely with technology, legal, compliance, and risk teams during major incidents.
- Act as an SME during post-incident reviews and contribute to incident reports.
- Maintain open communication with senior leadership and provide ongoing status updates.
Process and Technology Optimization
- Evaluate, implement, and optimize security processes and technologies to enhance detection and response capabilities.
- Collaborate with service providers and vendors on tool enhancements and issue resolution.
- Fine-tune detection rules to reduce false positives and improve fidelity.
Continuous Improvement
- Conduct post-mortem reviews and contribute to lessons learned.
- Maintain awareness of the evolving threat landscape and disseminate knowledge internally.
- Proactively identify gaps or inefficiencies in CSIRT policies, procedures, processes, and playbooks.
- Participate in cross-functional tabletop exercises and red/blue team simulations.
Core Competencies
- Ability to analyze, prioritize, and manage security incidents effectively.
- Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
- Awareness of latest Information Security risks.
- Comfort working in a highly global, diverse, and hybrid (office and virtual) work environment.
- Strong technology, information security, and analysis skills.
- Strong communication and documentation skills.
- Knowledge of business, regulatory, and compliance requirements in the financial services industry.