Overview
On Site
$50 - $60
Contract - W2
Contract - 12 Month(s)
Skills
IT Security
Network Security Monitoring (NSM)
Incident Response
Job Details
Need someone who can work on W2.
We are actively looking for an experienced Cyber Defense Incident Responder to join our Cybersecurity Operations Center in Greensboro, NC. In this role, you will be responsible for analyzing data, developing incident response processes, conducting in-depth analysis of network & endpoint data, & incorporating threat intelligence to enhance detection & mitigation strategies.
What you will do
- Complete Cyber Monitoring & Incident Response Operations Playbook / Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow up activity status
- Guide & coordinate internal & third-party incident response
- Develop, tune & maintain tools to automate analysis capabilities for network-based, host-based & log-based security event analysis. Create signatures, rulesets, & content analysis definitions from various intelligence sources for a variety of detection capabilities
- Organize & maintain documentation of detection capabilities, alert definition, policy configurations, & tool rulesets
- Maintain adherence to Corporate Security Operations Center standards, policies & procedures
- Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies
- Participate in efforts to analyze & define security filters & rules for a variety of security parameters
What you Bring
- Bachelor's degree in computer science or a related 5-year technical degree, or 3-6 years of relevant IT experience
- 3-4 years of IT Security experience
- Core Technical: Intrusion Detection, NetFlow Analysis, Log Analysis, Rule / Signature / Content Development, programming or scripting required.
- Exhibits understanding & application of the principles of Network Security Monitoring (NSM). Ability to:
  - Analyze log data, NetFlow data, alert data, network traffic & other data sources to validate security events.
  - Create signatures & detection content in IDS, SIEM & log analysis platforms.
  - Consume, comprehend, utilize & create indicators of compromise.
  - Tune detection tools for accuracy.
  - Execute on intelligence-driven detection capabilities.
  - Perform daily analysis of detection reports & alerts.
  - Maintain tools, scripts & applications for detection & automation capabilities.