Lead Incident Response Analyst
As a Lead Incident Response Analyst at Epsilon, you will be given the opportunity to teach a team of security analysts both traditional and unconventional ways to detect and analyze potential intrusions and other security incidents. The lead incident response analyst will be the primary resource on all cyber incidents. You will work hand in hand with cross-business resources to remediate, mitigate, and prevent cyber-related events. This role will have the opportunity to develop and grow junior analysts within our team by giving them the ability to create training and in-house challenges for the team. In conjunction with our threat intelligence team, the lead analyst will facilitate threat hunting exercises across the enterprise.
•Shift is 8:00AM-5:00PM, Monday-Friday (Scheduling flexibility available).
•Flexible two days a week work from home policy. (Manager approval)
•On-Call rotational schedule.
Roles & Responsibilities
•Develop and facilitate a personal development plan for junior analysts in the areas of endpoint, network, memory, and malware analysis.
•Create and deliver trainings for junior analysts based on personal development plans.
•Coach junior analysts and lead cyber security incidents based on the NIST framework.
•Coordinate and facilitate Threat Hunting exercises in conjunction with a Cyber Threat intelligence team.
•Lead investigations and response to cyber incidents within the network and cloud environments.
•Coordinate and provide expert technical support to enterprise-wide cybersecurity information technology teams to resolve cybersecurity incidents.
•Gather and collect indicators of compromise on malicious code by performing malware analysis.
•Review and perform analysis of logs from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
•Develop tool, process, and operational enhancements to the program in conjunction with a security engineering team.
•Conduct host analysis and gather indicators of compromise on Windows, Linux, and Mac operating systems.
•Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies for incident response process improvement.
•Excellent problem-solving and conceptual thinking abilities, especially with technical troubleshooting.
•Strong communication skills with the ability to develop and maintain productive working relationships across multiple lines of business.
•Perform incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation.
•Serve as a technical expert and liaison to other internal investigative and legal groups by providing hands-on support in reviewing forensic analysis, reports, and data, and collaborate with other local, national, and international incident response teams as needed.
•Perform analysis of logs from a variety of sources within the enterprise, to include individual host logs, network traffic logs, firewall logs, and intrusion detection system logs.
•Track and document incidents from initial detection through final resolution, including documenting requests and activities in the case management system.
•Document new and update current program procedures, providing guidance and reports on incident findings to appropriate constituencies.
•Familiarity with laws and regulations regarding security breach response procedures.
•Bachelor's degree in a technical discipline with a minimum of 8 years of related information security experience.
•At least 5 years of experience in incident response.
•Certification in CISSP, SANS GCIH, GNFA, or other GIAC certifications.
•Passionate about cyber security.
•Willing to learn in a fast-paced environment.
•Excellent written and oral communication skills.
•Bachelor's degree or Master's degree in computer science preferred.
•Strong knowledge of network traffic analysis methods.
•Strong knowledge of system and application security threats and vulnerabilities.
•Proficient in one or more programming languages.
•Expert experience in conducting host analysis and obtaining indicators of compromise on Windows, Linux, and Mac operating systems.
•Able to mentor team members in incident response.
•Experience with computer networking concepts and protocols, and network security methodologies.
•Intermediate knowledge of Malware Analysis concepts and methodologies.
•Strong understanding of system and application security threats and vulnerabilities.
•Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
•Knowledge of application security risks (e.g., the Open Web Application Security Project [OWASP] Top 10 list).
•Strong knowledge of a log aggregation query language.
•Understanding of cyberattack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
•Strong understanding of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
•Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Conditions of Employment
All job offers are contingent upon successful completion of certain background checks which, unless prohibited by applicable law, may include criminal history checks, employment verification, education verification, drug screens, credit checks, DMV checks (for driving positions only) and fingerprinting.
Great People Deserve Great Benefits
We know that we have some of the brightest and most talented associates in the world, and we believe in rewarding them accordingly. If you work here, expect competitive pay, comprehensive health coverage, and endless opportunities to advance your career. From tuition reimbursement to scholarship programs to employee stock purchase plans and 401(k)s, we offer associates a variety of benefits that work as hard for them as they work for us.
About Epsilon
Epsilon® is an all-encompassing global marketing innovator. We provide unrivaled data intelligence and customer insights, world-class technology including loyalty, email and CRM platforms and data-driven creative, activation and execution. Epsilon's digital media arm, Conversant, is a leader in personalized digital advertising and insights through its proprietary technology and trove of consumer marketing data, delivering digital marketing with unprecedented scale, accuracy and reach through personalized media programs and through CJ Affiliate, one of the world's largest affiliate marketing networks. Together, we bring personalized marketing to consumers across offline and online channels, at moments of interest, that help drive business growth for brands. An Alliance Data* company, Epsilon employs over 8,000 associates in 70 offices worldwide. For more information, visit www.epsilon.com and follow us on Twitter @EpsilonMktg.
Alliance Data provides equal employment opportunities without regard to race, color, religion, gender, age, national origin, disability, sexual orientation, gender identity, veteran status or any other characteristic protected by law.
For San Francisco Bay Area:
Alliance Data will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance.
Alliance Data is an Equal Opportunity Employer.
Alliance Data will provide accommodations to applicants needing accommodations to complete the application process.
Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for Alliance Data.
Alliance Data participates in E-Verify.
Alliance Data will consider for employment qualified applicants with criminal and credit histories in a manner consistent with the requirements of all applicable laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.