Listing Description
PRIMARY PURPOSE:
We’re looking for a passionate and highly motivated professional to serve as a senior member of our Incident Response program. The Lead Cyber Security Analyst will use his or her experience and advanced knowledge to defend our networks, systems, and data from attack. Drawing on an understanding of the current tactics, techniques, and procedures used by adversaries, you will apply that knowledge to the investigation of cyber attacks, ensuring appropriate steps are taken to mitigate and remediate the threats. You will serve as an escalation contact and mentor for the team, working closely with others within our broader cyber and technology organizations to support our mission.
PRINCIPAL RESPONSIBILITIES:
- Serves as a technical mentor, technical role model, and SME for the Incident Response team.
- Performs as a SME in related cyber technologies.
- Provides guidance on cyber security team practices and helps ensure they are understood and adhered to.
- Serves as an escalation point for deeply technical investigations, providing guidance and practical advice.
- Provides thought leadership on the design and implementation of new detection strategies.
- Participates in hunt operations in partnership with Incident Response and Cyber Threat Intelligence members.
- Partners with cloud engineers to design and implement cloud security detection, response, and forensic operations.
- Fosters collaboration and fusion across Cyber Threat Intelligence, Red Team, Vulnerability Management, and Incident Response associates.
- Ensures incident documentation and runbooks are comprehensive, accurate, and up to date.
- Makes recommendations that are aligned to the firm’s broader cyber security strategy.
- Can articulate cyber security risk and communicate it to leadership.
QUALIFICATIONS
Required
- Typically, 8+ years of relevant experience in Security Operations Centers (SOC) or similar incident response roles.
- Ability to work in a professional environment and communicate effectively to both technical and non-technical audiences.
- Stays current with cyber security threats, countermeasures, and associated technologies.
- Incorporates Cyber Threat Intelligence and Cyber Security Awareness concepts into programs as necessary to address risk from internal and external threats.
- Conversant in many areas of cyber security and learns new concepts quickly.
- SME understanding of Internet, component, and systems dependency concepts.
- Expertise with security information and event management (SIEM) systems and SIEM rule writing.
- Knowledge and operational use of major cloud technologies.
- Firm understanding of endpoint and network-based security solutions, including EDR, firewalls, proxies, and email security gateways.
- A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, SMB, and distributed networks).
- Proficient in network forensics, including PCAP analysis, network security, and IDS/IPS analysis.
- Familiarity with responding to incidents in the cloud (AWS, Azure, etc.).
- Familiarity with host-based forensics across multiple platforms – Windows, Linux, and macOS.
- SANS GIAC (GSEC, GCIA, GCIH, GCFA, etc.), CISSP, CEH, OSCP, or similar information security certifications preferred.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided