Incident Response Analyst

Job Requisition ID #

25WD88811

Position Overview

The Incident Response Analyst is responsible for monitoring, identifying, assessing, containing, and responding to various information security events in a large and complex environment, as well as analyze, triage, and report on these incidents and investigations. The candidate must have knowledge of system security design, network/cloud security best practices and in-depth knowledge of systems security operations, threat actors frequently used attack vectors, and general user behavior analytics. The candidate will be part of an established security team and work closely with teams across the company in remediating security issues and driving Incident Response. The candidate should have a strong passion for security and growth and be willing to accept challenging projects and incidents.

• Responsible for handling day-to day operations to monitor, identity, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools and detect anomalies, and report remediation actions
• Analyze firewall logs, server, and application logs to investigate events and incidents for anomalous activity and produce reports of findings
• Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
• Help create and maintain process tools and documentation
• Perform all stage of incident response from detection to postmortem
• Collaborate with stakeholders in building and improving our Security Orchestration Platform
• Clearly document notes for incidents in our case management solution
• Perform basic forensics and malware analysis based on our playbooks and procedures
• Responsible for working in a 24/7 environment, with shifts determined by business needs
• Maintain a high level of confidentiality and Integrity

• BS in Computer Science, Information Security, or equivalent professional experience
• 2+ years of cyber security experience in incident response
• Technical depth in one or more specialties including: Malware analysis, Host analysis and Digital forensics
• Strong understanding of Security Operations and Incident Response process and practices
• Experience performing security monitoring, response capabilities, log analysis and forensic tools
• Strong understanding of operating systems including Windows, Linux and OSX
• Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools
• Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team
• Excellent verbal and written communication skills
• Ability to design playbooks for responding to security incidents
• Ability to support off-hours, weekends, and holidays if needed in support of incident response

• Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the organization
• One or more security-related certifications from any of the following organizations: GCIH, GCFE, GCFA, AWS, Azure Cloud security Certifications or equivalent is desired