Incident Response Analyst
United States - Remote
Full Time Entry-level / Junior USD 60K - 70K
About Us
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview
With a growing client base, Thrive is continuing to build out its security team. We are looking to hire an Incident Response Analyst to take a role within our Security Operation Center. The analyst will assist with continuously monitoring and improving our customers' security posture, while preventing, detecting, analyzing, and responding to cybersecurity incidents utilizing technology and well-defined processes and procedures. The ideal candidate will have a passion for information security and will value what a properly managed Security monitoring solution can bring to our client needs.
Primary Responsibilities
Process investigation requests from SOC Analysts who perform security event monitoring using Security Information and Event Management (SIEM) from multiple sources, including but not limited to, events from network and host-based intrusion detection/prevention systems, network infrastructure logs, systems logs, applications, and databases.
Investigate intrusion attempts, differentiate false positives from true intrusion attempts, and perform in-depth analysis of exploits.
Lead incident response and threat hunting efforts for confirmed High Priority security incidents and follow through until resolution.
Utilize threat intelligence to identify and investigate potential security threats.
Develop playbooks for incident response and incident management processes, including threat triage, incident investigation, and incident resolution.
Conduct regular reviews of playbooks to ensure they are current and effective.
Work with cross-functional teams to ensure that playbooks are aligned with the overall security strategy and goals.
Participate in tabletop exercises and drills to test and validate playbooks.
Monitor and evaluate security incidents to identify opportunities for improving playbooks.
Keep up-to-date with current security threats and trends to ensure that playbooks are relevant and effective.
Actively investigate the latest security vulnerabilities, advisories, incidents, and TTPs (tactics, techniques, and procedures) and work with the Security Engineering team to recommend use cases.
Proactive monitoring, threat hunting, and response of known and/or emerging threats.
Carry out Thrive’s information security strategy both internally and externally for 400+ clients.
Analyze data from our SOC, SIEM and EDR platforms and determine if further analysis is needed.
Work within Thrive’s security standards and best practices and recommend future enhancements.
Stay abreast of security events and techniques to keep our clients protected.
Qualifications
Demonstrates comprehension of best security practices
Has advanced knowledge of the following systems and technologies:
SIEM (Security Information and Event Management)
TCP/IP, computer networking, routing, and switching
IDS/IPS, penetration and vulnerability testing
Firewall and intrusion detection/prevention protocols
Windows, UNIX, and Linux operating systems
Network protocols and packet analysis tools
EDR, Anti-virus, and anti-malware
Content filtering
Email and web gateway.
Malware, Network, or System Analysis
Professional experience in a system administration role supporting multiple platforms and applications
Ability to collaborate and communicate security issues to clients, peers, and management
Strong analytical and problem-solving skills
Adaptability and resilience in rapidly evolving situations
Ability to be a part of an on-call rotation, occasionally working nights and weekends to support High Priority Security Incidents
Required Skills
Technical proficiency in networking, operating systems, and security technologies.
Familiarity with security tools like SIEM, IDS/IPS, EDR, and forensic analysis tools.
Understanding of incident response procedures and methodologies.
Understanding of frameworks such as MITRE ATT&CK and the Cyber Kill chain,
Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.).
Experience in responding to and investigating cloud, system, or network intrusions
Excellent Written and Verbal Communication Skills.
Expertise in forensics, malware analysis, and network intrusion response.
Preferred Skills
Knowledge of common Windows and Linux/Unix system calls and APIs
Knowledge of programming languages
Knowledge of internal file structures for file formats commonly associated with malware (e.g., OLE, RTF, PDF, EXE, etc.
Knowledge or experience in Detection Engineering
Tags: APIs Cloud Cyber Kill Chain DNS EDR Exploits Firewalls Forensics IDS Incident response Intrusion detection IPS Linux Malware MITRE ATT&CK Monitoring Security strategy SIEM SMTP SOC Strategy TCP/IP Threat intelligence TTPs UNIX Vulnerabilities Windows
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Officer jobs
- Open Senior Product Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Editor jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs