Sr. Cybersecurity Analyst-Incident Response (Hybrid)
USA-MI-Ann Arbor-KLA
Full Time Senior-level / Expert USD 103K - 175K
Company Overview
KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.
Job Description/Preferred Qualifications
The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.
Responsibilities
The Senior Cybersecurity Analyst is responsible for advanced incident response, threat hunting, and maintaining the security tools that are used to secure our environment. This individual will have a specific focus on authoring detection rule-sets and generating and responding to tickets from our security tools and raising tickets (when appropriate) to relevant IT and Cybersecurity personnel.
Essential Duties and Responsibilities
Act as an active member of the team, which monitors and processes responses for security events on a 24x7 basis, including serving in a rotational on-call capacity.
Plan and implement regular incident response and postmortem exercises, with a focus on crafting measurable benchmarks to show progress (or deficiencies requiring additional attention).
Review and analyze cyber threats and provide SME support and training to junior level security analysts.
Research adversarial detection evasion methods and develop new detection strategies to counteract these techniques.
Analyze malicious code, scripts, attack techniques, or exploits to identify detection telemetry generated at a host and/or network level.
Transform threat intelligence into effective detection logic and new signatures for integration with SIEM and EDR platforms.
Evaluate existing detection rules and facilitate the development and tuning of AV, EDR, and SIEM rules to ensure high fidelity alerting.
Communicate with management as the need arises, keeping leaders informed of incident progress and notifying them of impending changes or agreed outages.
Perform IDS monitoring and analysis, network traffic analysis and log analysis; prioritize and differentiate between potential intrusion attempts and false alarms.
Compose security alert notifications.
Advise incident responders in the steps to take to investigate and resolve computer security incidents.
Actively perform detection, monitoring, analysis, and resolution of security incidents.
Prioritize their own work to provide a positive customer experience.
Participation in security incident handling efforts in response to a detected incident.
Must maintain awareness of trends in security regulatory, technology, and operational requirements.
Additional Duties and Responsibilities
Some domestic and/or international travel (up to 25%) may be required.
Ability to communicate clearly with other team members.
Generate reports from different data sources and present to management when requested.
This is a Hybrid role and will be based out of our Midwest HQ in Ann Arbor, MI.
Minimum Qualifications
5+ years of related experience in cybersecurity or related technologies such as: firewalls/AV/EDR/IPS/IDS/SIEM systems.
5+ years of experience working in or with a Security Operations Center (SOC) in an Incident Responder role.
Demonstrable experience developing behavioral-based signatures and indicators of compromise (IOCs) across host and network devices. There is a preference for Suricata experience, however familiarity using similar frameworks/methods (e.g. YARA, Sigma, STIX, Zeek, etc.) is acceptable.
Experience with scripting languages such as Python, Bash, and PowerShell for task automation and analysis.
Demonstrated systems security exposure and proficiency in operating systems (Windows and Linux).
Relevant security related certification(s) a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.
Validated domain expertise in significant areas, such as incident response, intrusion analysis, incident handling, malware analysis, web security or security engineering.
Strong working knowledge of common security appliances including: EDR, SIEM, AV, scanners, proxies, WAF, Netflow, IDS and forensics tools.
Ability to multi-task, adapt to changes quickly and handle heavy ticket volumes.
Technical awareness: ability to match resources to technical issues appropriately.
Ambitious and able to work in a fast-moving environment.
Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and intrusion detection systems, and other security software packages.
Knowledge of confidentiality, integrity, and availability principles.
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS and directory services.
Knowledge of authentication, authorization, and access control methods.
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
The company offers a total rewards package that is competitive and comprehensive including but not limited to the following: medical, dental, vision, life, and other voluntary benefits, 401(K) including company matching, employee stock purchase program (ESPP), student debt assistance, tuition reimbursement program, development and career growth opportunities and programs, financial planning benefits, wellness benefits including an employee assistance program (EAP), paid time off and paid company holidays, and family care and bonding leave.
KLA is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, national origin, sex, gender identity, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other status protected by applicable law. We will ensure that qualified individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at talent.acquisition@kla.com or at +1-408-352-2808 to request accommodation.