Incident Response Analyst (Full Time)

Gurgaon, India

Milliman

Discover your path at Milliman. Learn about our uniquely independent company culture and find opportunities in the actuarial profession, risk management, software development, marketing, and more.


Job Summary

This position functions as a member of the corporate information security team and will be an integral participant in drafting and reviewing incident response process documentation. The position monitors threat information sources, participates in incident response and root cause analysis, and produces metrics relevant to historical events and incidents. The position works with local offices and their administrators to carry out incident triage and forensic activities consistent with documented procedures for confirmed incidents. The position reports to and works with the Information Security Manager. In addition, the position works with peer team members, the Asia Head, the Director of Operations & Security, and the corporate legal team.

Job Requirements

  • Participate in day-to-day operations of reviewing information security incidents from various sources, coordinate response, escalation, tracking and analysis of incidents
  • Participate in drafting and reviewing incident response process documentation
  • Development of Incident Response dashboard and metrics as directed by manager
  • Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, etc.
  • Participate in threat hunting activities to proactively search for threats in the enterprise environment
  • Management and monitoring of data loss prevention (DLP) initiatives
  • Keep up to date on latest information security threats and countermeasures
  • Recommend security enhancements and purchases consistent with information security strategy and evolving threats
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • Assist in identifying and remediating gaps as identified throughout the investigation
  • Review log-based data, both in raw form and utilizing SIEM or aggregation tools
  • Work with the Information Security Officer as integral member of incident response team
  • Maintain an up-to-date understanding of industry best practices
  • Willingness to travel occasionally


Qualifications

  • Minimum 3-4 years of relevant experience in the information security field
  • In depth knowledge of Information Security incident handling and investigation procedures
  • Demonstrated skills in conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation and related incident investigations
  • Technical proficiency in the following areas: security information and event management (SIEM), network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open-source information collection)
  • Excellent teamwork skills and the ability to successfully interface with other organizational groups
  • Candidate must be able to effectively communicate in English (written and presentation/verbal)
  • Ability to clearly and effectively communicate Information Security matters to executives, auditors and end users
  • Candidate should have a passion for research, and uncovering the unknown about cyber security threats and threat actors
  • Candidate should have excellent time management skills, including the ability to prepare, prioritize and complete work plans
  • Candidate should have excellent decision-making and problem-solving skills, including the ability to clearly define and resolve issues
  • Ability to work effectively and organize priorities independently


Education & Experience

  • Appropriate education such as a Bachelor’s degree in Computer Science (or related engineering degree)
  • Minimum 3-4 years of relevant experience in the information security field
  • Working knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
  • Preferred Certifications: CISSP, CISM, CEH, CCFP
  • Strong understanding of risk-based security and of one or more of the following frameworks: HITRUST, NIST, PCI-DSS, Sarbanes-Oxley, HIPAA, FISMA, ISO, or COBIT



Tags: CEH CISM CISSP COBIT Computer Science DNS Firewalls FISMA Forensics HIPAA HITRUST IDS Incident response IPS Malware Monitoring NIST Risk assessment Security strategy SIEM Strategy TCP/IP

Perks/benefits: Team events

Region: Asia/Pacific
Country: India