Cybersecurity Incident Response Analyst (hybrid in Ann Arbor, MI)

cybersecurity, comptia, GIAC, incident response, firewalls, AV, EDR, SIEM, DLP, cyber threats
Full Time
Depends on Experience
Work from home available Travel required to 10%.

Job Description

Clover Consulting has an immediate need with for an experienced Cybersecurity Analyst for our direct client located in Ann Arbor, MI.  This is a direct hire position that will be required to be onsite but may be  permitted some work from home opportunities.  Requirement details are below.  Qualified candidates should respond to this posting.  NO PHONE CALLS PLEASE.

 

Title:  Cybersecurity Analyst / Incident Response Analyst

Location:  Ann Arbor, MI (Hybrid)

Term:  Direct Hire

Details:

 

Title:  Cybersecurity Analyst / Incident Response Analyst

Location:  Ann Arbor, MI

Term:  Direct Hire

Details:

 

Cybersecurity Analyst

The Cybersecurity group is involved in every aspect of the global business. The Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of our Intellectual Property.

 

Responsibilities:

The Cybersecurity Analyst is responsible for incident response, threat detection, DLP monitoring and maintaining the security tools that are used to secure our environment. This individual will be responsible for generating and responding to tickets from our security tools and raising tickets (when appropriate) to relevant IT and Cybersecurity personnel.

 

Essential Duties and Responsibilities:

  • As an active member of the team, which monitors and process responses for security events on a 24x7 basis.
  • Plan and execute regular incident response and postmortem exercises, with a focus on crafting measurable benchmarks to show progress (or deficiencies requiring additional attention).
  • Review and analyze cyber threats and provide support to other security analysts.
  • Facilitate the development and tuning of AV, EDR, SIEM, and DLP rules to ensure high fidelity alerting.
  • Communication with management as the need arises: keeping informed of incident progress, notifying of impending changes or agreed outages.
  • IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms.
  • Compose security alert notifications.
  • Support incident responders while investigating and resolving computer security incidents.
  • Actively preform detection, monitoring, analysis, and resolution of security incidents.
  • Must be able to prioritize their own work to provide a positive customer experience.
  • Participation in security incident handling efforts in response to a detected incident.
  • Must be able to maintain awareness of trends in security regulatory, technology, and operational requirements.

 

Additional Duties and Responsibilities:

  • Some domestic and/or international travel (up to 25%) may be required.
  • Ability to communicate clearly with other team members
  • Generate reports from different data sources and present to management when requested.

 

Minimum Qualifications:

Bachelor’s degree in an Information Security or related IT field.

 

Preferred Qualifications:

  • 5 years of related experience in cybersecurity or related technologies such as: firewalls/AV/EDR/IPS/IDS/SIEM systems.
  • 5 years experience working in or with a SOC in an Incident Responder role.
  • Shown systems security exposure and proficiency in Operating Systems (Windows and Linux).
  • Relevant security related certification(s) a plus: CompTIA, GIAC Security Essentials or similar.
  • Proven domain expertise in meaningful areas, such as incident response, intrusion analysis, incident handling, malware analysis, web security or security engineering.
  • Strong working knowledge of common security tools, such as EDR, SIEM, AV, scanners, proxies, WAF, Netflow, IDS and forensics tools
  • Ability to multi-task, adapt to changes quickly and handle heavy ticket volumes.
  • Technical awareness: ability to match resources to technical issues appropriately.
  • Ambitious and able to work in a fast-moving environment.
  • Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and intrusion detection systems, and other security software packages.
  • Knowledge of confidentiality, integrity, and availability principles.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS and directory services.
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

 

COVID-19 Vaccination:  At this time, candidates must either provide proof of vaccination OR provide a reasonable accommodation request (exception/exemption).  If NOT vaccinated, must be able to be tested by employer on a weekly basis in order to enter the work facility.

 

Dice Id : 10108584
Position Id : KBT-CSA
Originally Posted : 2 months ago
Have a Job? Post it