Principal Incident Analyst - U.S. Bank, Cincinnati, OH, USA

Listing Description

The team also provides third-level support and operational duties for malware and fraud investigation, data loss prevention remediation, rogue device review and reporting, and metrics and process creation review.

This position is set for Monday through Friday, with a possible on-call rotation for Incident Response.

Main Duties

• Incident Response: Perform network, host, and memory forensic analysis on various operating systems and applications.

• Handle escalated cyber threats and coordinate response efforts with the CSIRT.

• Analyze advanced malware samples and remediate threats to users and assets.

• Technical resource for GSOC Operations during all shifts.

• Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs in order to identify misuse, malware, or unauthorized activity on monitored networks. Communicate and escalate issues and incidents as required by process and/or management.

• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in security operations.

• Participate in the computer security incident response team efforts and other security investigation activities as assigned.

• Assist in building SOC and CSIRT processes, procedures, and training.

• Create and enhance standard operating procedures and technical guides.

• Assist in the creation and tuning of network and host detection signatures based on user behavior analysis and threat intelligence.

• Stay abreast of current technologies, developments, security compliance requirements, standards and industry trends in order to help achieve the goals of the department.

• Work with compliance teams to support security and privacy audits and help develop a mitigation strategy. Work to obtain and compile necessary documentation and evidence for all external and internal security audits and assessments.

Basic Qualifications:

• Bachelor's degree or equivalent work experience

• At least 6 years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Required:

• 4+ years of experience performing network forensic investigations.

• Experience with memory analysis on Windows, Linux and other various operating systems.

• Intermediate skills using the Windows command line, PowerShell, and Linux Bash.

• Experience drafting and implementing SOC/IR documentation enhancing day to day operations and development of security analysts.

• Ability to work an on-call rotation.

Preferred Skills/Experience:

• Knowledge of cyber threat groups, hacking tools and techniques.

• Strong knowledge of common operating systems and file systems for Windows and UNIX as well as enterprise architecture.

• Strong knowledge of network protocols and network devices such as routers, switches, proxy servers, VPN, intrusion detection systems, TCP/UDP concepts, general IP networking, encryption and tunnels.

• Background in log analysis for network devices, servers (e.g., web servers) and clients.

• Experience with sandbox environments, reverse engineering and current malware forensics a plus.

• Experience with cyber threat intelligence methodologies.

• Understanding of penetration, ethical hacking and vulnerability assessment tools/technologies.

• Understanding of HTML, JavaScript, ASP and database query languages such as MySQL or Microsoft SQL desired.

• Maintain knowledge of law, regulations, and technology advancement related to cyber threat intelligence or incident response functions.

• Advanced proficiency in Windows Office Suite (Word, Excel, PowerPoint, Visio, and SharePoint).

• Excellent communication skills, both oral and written.


Listing Details

  • Citizenship: US Citizen
  • Incentives: Bonus
  • Education: Bachelor's Degree
  • Travel: Travel 25
  • Telework: Optional Telecommute