Top 3 requirements:
- 5+ years of incident response experience
- Microsoft security tools suite experience (Defender)
- SIEM
Principal Duties and Responsibilities:
- Maintain and advance the incident response plan.
- Lead incident response events and activities.
- Subject matter expert responsible for managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Tier 1 and 2 analysts.
- Point of escalation for Tier 1 and Tier 2 analysts; manage the incident response process for tickets the previous IR tiers could not resolve.
- Perform event investigation, post incident root cause analysis, remediation planning, capture metrics, compile and track lessons learned, document and disseminate incident report in coordination with the IR process.
- Evaluate and recommend emerging technologies within information security.
- Work independently with 3rd party providers, vendors, and other departments.
- Provide 24x7 operational support for escalations on a rotating basis.
Requirements
Basic Qualifications:
- Bachelor's degree in Information Security or a related field, or equivalent work experience.
- 5+ years' experience in information security, including incident response.
- Excellent organization, communication, collaboration, and interpersonal skills.
- Ability to communicate and present complex issues and ideas with precision and clarity, adjusting appropriately for the audience; ability to communicate effectively at all levels of the organization.
- Experience working within a large, complex corporate environment providing consulting services on large initiatives.
- Experience managing and prioritizing multiple tasks in an effective manner.
- Knowledge and understanding of network and security fundamentals, protocols, and technologies.
- Strong understanding of mitigating security controls (e.g., anti-virus, IPS/IDS, email filtering, web site blocking, patching) and how they fit into an overall defense-in-depth risk assessment methodology.
- Understanding of technology platforms (Windows, open source, middleware applications, database applications, Cisco, Microsoft security suite).
- Understanding of incident handling.
- Experience developing and providing effective and professional presentations to all levels (including Senior Management).
- In-depth knowledge of security protocols and principles.
- Ability to work in a dynamic and diverse team-oriented environment.
Preferred Qualifications:
- Industry-recognized security, network, or other professional certifications sponsored by organizations such as SANS, ISC2, Microsoft, Cisco, and Offensive Security.
- Working knowledge of the MITRE ATT&CK framework, CIS Controls, and OWASP.
- Experience managing projects, vendor management, and leading staff.
- Experience in conducting training and mentoring.
- Strong subject matter expertise in incident response.
- Strong understanding of Information Security industry standards/best practices such as NIST.
- Strong understanding of Information Security related laws and regulations including HIPAA and PCI.
- Experience with engineering and/or architecture of technologies such as network firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
- Experience developing and maintaining operational metrics.
- Knowledge of cloud computing technology (e.g., Azure, Google Cloud, AWS).
Incident Response Analyst