Incident Response Analyst

Top 3 requirements

1. 5+ years of incident response experience
2. MS Security Tools Suite Experience (Defender)
3. SIEM

Principle Duties and Responsibilities:

• Advance and maintain incident response plan.
• Lead incident response events and activities.
• Subject matter expert responsible for managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Tier 1 and 2 analysts.
• Point of escalation for Tier 1 & 2. Management of the incident response process if previous IR tiers could not resolve the ticket.
• Perform event investigation, post incident root cause analysis, remediation planning, capture metrics, compile and track lessons learned, document and disseminate incident report in coordination with the IR process.
• Evaluate and recommend emerging technologies within information security.
• Work independently with 3rd party providers, vendors, and other departments.
• Provide 24x7 operational support for escalations on a rotating basis.

Requirements
Basic Qualifications:

• Bachelor s degree in Information Security or related field or equivalent work experience.
• 5+ year's experience in information security including incident response.
• Excellent organization, communication, collaboration, and interpersonal skills.
• Ability to communicate and present complex issues and ideas with precision and clarity, adjusting appropriately for the audience; ability to communicate effectively at all levels of the organization.
• Experience working within a large, complex corporate environment providing consulting services on large initiatives.
• Experience managing and prioritizing multiple tasks in an effective manner.
• Knowledge and understanding of network and security fundamentals, protocols, and technologies.
• Strong understanding of mitigating security controls (i.e., anti-virus, IPS/IDS, email filtering, web site blocking, patching) and how they work in an overall defense in depth risk assessment methodology.
• Understanding of Technology Platforms (Windows, Open Source, Middleware Applications, Database Applications, Cisco, Microsoft security suite)
• Understanding of incident handling.
• Experience developing and providing effective and professional presentations to all levels (including Senior Management).
• In-depth knowledge of security protocols and principles.
• Ability to work in a dynamic and diverse team-oriented environment.

Preferred Qualifications:

• Industry-recognized security, network, or other professional certifications sponsored by organizations such as SANS, ISC 2 , Microsoft, Cisco, and Offensive Security.
• Working knowledge MITRE ATT&CK Framework, CIS Controls, and OWASP.
• Experience managing projects, vendor management, and leading staff.
• Experience in conducting training and mentoring.
• Strong subject matter expertise in incidence response.
• Strong understanding of Information Security industry standards/best practices such as NIST.
• Strong understanding of Information Security related laws and regulations including HIPAA and PCI.
• Experience with engineering and/or architecture of technologies such as network firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
• Experience developing and maintaining operational metrics.

Knowledge of cloud computing technology (e.g. Azure, Google Cloud, AWS, etc.)