Incident Response Analyst 2
As an Incident Response Analyst, you will be given the opportunity to work with a team of security analysts to detect, analyze, and mitigate potential intrusions and other security incidents. Candidates must be willing to work in a CSIRT environment, demonstrate strong problem-solving skills, have experience with a variety of toolsets and best practices, be able to think critically, and accommodate flexible scheduling.
• Shift is 8:00 AM-5:00 PM, Monday-Friday (flexible schedule timing).
• Flexible two-days-a-week work-from-home policy (manager approval).
• On-call rotational schedule.
Roles & Responsibilities:
• Investigate and analyze host and network data to respond to cyber incidents within the network and cloud environment.
• Coordinate and provide technical support to enterprise-wide information technology teams to resolve cybersecurity incidents.
• Correlate incident data to identify specific compromises and make recommendations that enable expeditious remediation.
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
• Perform cybersecurity defense incident triage, to include determining scope, urgency, and potential impact; identify compromised endpoints; and make recommendations that enable expeditious remediation.
• Collect and inspect forensic artifacts to determine possible mitigation/remediation on enterprise systems.
• Perform real-time cyber defense incident handling (e.g., forensic analysis, intrusion correlation and tracking, threat analysis, and direct system remediation).
• Receive and analyze alerts from various sources within the enterprise and determine the root cause of such alerts.
• Track and document cyber defense incidents from initial detection through final resolution.
• Employ approved defense-in-depth principles to remediate active threats (e.g., defense in multiple places, layered defenses, security robustness).
• Collect intrusion artifacts from network sources and use the data to enable mitigation of potential cyber defense incidents within the enterprise.
• Perform malware analysis on malicious files to gather indicators of compromise.
• Coordinate with intelligence analysts to correlate threat assessment data.
• Participate in threat hunting exercises.
• Write and publish reports of investigations.
• Perform log analysis within a log aggregator to build a timeline of an event.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to stay current on the cyber defense threat condition and determine which security issues may have an impact on the enterprise.
• Requires 2 years of related experience.
• Strong communication and customer interaction skills.
• Passionate about cyber security.
• Willing to learn in a fast-paced environment.
• Associate's or Bachelor's degree in computer science preferred.
• Experience with a log aggregation query language.
• Experience conducting host analysis and obtaining indicators of compromise on Windows, Linux, and Mac operating systems.
• Experience with computer networking concepts and protocols, and network security methodologies.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions.
• Experience with network traffic analysis methods.
• Knowledge of system and application security threats and vulnerabilities.
• Understanding of cyberattack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of the OSI model and underlying network protocols (e.g., TCP/IP).
• Experience with malware analysis concepts and methodologies.
• Knowledge of application security risks (e.g., the Open Web Application Security Project Top 10 list).
• Some experience with programming and scripting techniques.
• Experience obtaining artifacts from network logs related to malware (C2 beaconing, exfiltration, phishing).
• Basic understanding of obtaining host-based artifacts related to malware on Windows and Linux systems.
• Basic understanding of security event correlation tools (SIEM technologies and log aggregators).
• Ability to perform forensic analysis of host- and network-based intrusions using intrusion detection technologies.
Conditions of Employment
All job offers are contingent upon successful completion of certain background checks which, unless prohibited by applicable law, may include criminal history checks, employment verification, education verification, drug screens, credit checks, DMV checks (for driving positions only) and fingerprinting.
Great People Deserve Great Benefits
We know that we have some of the brightest and most talented associates in the world, and we believe in rewarding them accordingly. If you work here, expect competitive pay, comprehensive health coverage, and endless opportunities to advance your career. From tuition reimbursement to scholarship programs to employee stock purchase plans and 401(k)s, we offer associates a variety of benefits that work as hard for them as they work for us.
About Epsilon
Epsilon® is an all-encompassing global marketing innovator. We provide unrivaled data intelligence and customer insights, world-class technology including loyalty, email and CRM platforms and data-driven creative, activation and execution. Epsilon's digital media arm, Conversant, is a leader in personalized digital advertising and insights through its proprietary technology and trove of consumer marketing data, delivering digital marketing with unprecedented scale, accuracy and reach through personalized media programs and through CJ Affiliate, one of the world's largest affiliate marketing networks. Together, we bring personalized marketing to consumers across offline and online channels, at moments of interest, that help drive business growth for brands. An Alliance Data* company, Epsilon employs over 8,000 associates in 70 offices worldwide. For more information, visit www.epsilon.com and follow us on Twitter @EpsilonMktg.
Alliance Data provides equal employment opportunities without regard to race, color, religion, gender, age, national origin, disability, sexual orientation, gender identity, veteran status or any other characteristic protected by law.
For San Francisco Bay Area:
Alliance Data will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance.
Alliance Data is an Equal Opportunity Employer.
Alliance Data will provide accommodations to applicants needing accommodations to complete the application process.
Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for Alliance Data.
Alliance Data participates in E-Verify.
Alliance Data will consider for employment qualified applicants with criminal and credit histories in a manner consistent with the requirements of all applicable laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.