Responsible for understanding and interpreting event discovery and incident response activities
Full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitating of resolution, and event reporting
Perform mitigation activities for current and residual risk
Assist with project planning and identification of mitigation activities
Support tier-1 analysts in performing day-to-day operations
Maintain a professional communicative relationship with clients and management to provide information throughout the incident, problem, and change management cycles
Coordinate and drive efforts among multiple business units during response activities and post-mortem
Proactive monitoring of internal and external-facing environment using specialized security applications
Provide timely, comprehensive and accurate information in both written and verbal communications
Proactively research and monitor security-related information sources to aid in the identification of threats to client networks, systems and intellectual property
Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
Develop the requisite expertise, knowledge, and ability to perform independently through mentorship; mentor and share expertise with junior staff
Bachelor Degree in Computer Science, Mathematics, Engineering, or other related area of study preferred with 3-5 years of overall IT professional experience.
At least 2+ years of work experience in Information Security, especially in an Information operations / incident role
- Ability to participate in after hours on-call rotation when required; Due to the nature of the business the Cyber analyst position covers all shifts 24/7
- Detailed knowledge of applicable security tools, technologies, and trends
Fundamental understanding of defense-in-depth and intelligence-driven strategies
Working knowledge/experience of network systems, security principles, and applications
Experience with utilizing security tools software such as Splunk, LogRhythn, CarbonBlack, Fidelis, and ServiceNow
Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations etc.
Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution; working experience against advanced persistent threats is well seen;
Strong working knowledge of at least three of the following security tools: host-based antivirus, anti-spam gateway solutions, firewalls, IDS/IPS, server and network device hardening, data loss prevention, forensics software, vulnerability management, website security;
Competence in using both internal and external ticketing systems for ITIL-based incident, problem and change management.
- Additional certifications and training preferred in the following areas: Network Security certifications (CISSP, C|EH, Security+, SANS, ISACA, Vendor Certificates), Project Management training/certification, and Quality Management (ITIL, Six Sigma, TQM, etc.) training/certification