Cyber Security Incident Response Analyst

A Cyber Security Center Response Analyst with a current focus on structured and unstructured tasks associated with proactive identification and remediation of suspicious network and host based activity. Scope is for any Ford Motor Company asset or asset of any subsidiary or joint venture worldwide. The CSC Response Analyst is focused on addressing information security incidents, including theft, misuse of data, intrusions, hostile probes, and malicious software. Successful candidates must have a significant interest in computer forensics, and forensics background is considered a plus. The candidate should display strong technical depth that spans PC and server hardware/software, peripherals and networks. A solid background in understanding modern computing vulnerabilities, attack vectors and exploits is recommended. Participate in formal incident response efforts - coordinated responses to major intrusions or exploits. Incident investigations including: intrusions, illegal software usage, misuse of computing facilities, internal probes and most importantly hacks, ransomware, phishing, social engineering, cloud security and so on. Daily analysis of multiple data sources (host and network activity) with the ability to determine if a threat applies to Ford or not. Security Incident Event Management Pattern analysis based on threat intelligence feeds. Scripting to automate certain analysis tasks. Verification of identified cyber incidents through digital forensic investigation using various tools. Ability to perform high-quality work and deliver results in timely manner. Provide data and analysis in support of regular metric reporting demonstrating business value directly associated with pro-active analysis. Enable compliance with laws and regulations. Mentor junior and peer CSC analysts in proper incident handling techniques and specific tools and techniques.

Detect and Thwart Attacks:  

• Identify, defend, and mitigate against web application attacks, reconnaissance, network attacks like Windows Active Directory or cloud environments, password attacks, post exploitation attacks (against an attacker already in a traditional network or a cloud environment), drive-by attacks, endpoint attacks and so on. 
• Detect use of covert or exploitation tools, evasive techniques (used by threat actors to hide their presence in the network), handling incidents by using industry best practices of skills including but not limited to memory & malware analysis, network investigation, etc.
• Responsible for performing deep dive investigation on information security incidents to contain and remediate appropriately. Use in-depth Forensic and Malware analysis, Reverse Engineering Malware skills for proactive identification of threats to Ford.

 

Threat Hunting: 

• Threat hunting is a cybersecurity practice that involves identifying and observing malware indicators and patterns of activity to generate accurate threat intelligence that can be used to detect current and future intrusions.
• Responsible to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware operators.
• Develop tools, techniques, and procedures necessary to effectively hunt, detect, and contain a variety of adversaries and to remediate incidents.

 

Experience in SIEM, EDR, IDS/IPS, Windows, Linux, Firewall, Cloud, OSINT, Sandbox, Types of Phish, Malware static & dynamic analysis, Memory analysis, Network packet analysis, Reverse Engineering, API, Manufacturing networks, Server incidents, Exchange servers, DNS, Google cloud, Azure, B2C, MITRE, Cyber kill chain, RegEx, Python, shell, PowerShell

Basic Qualifications:

• Bachelor’s Degree (Computer Science or related)
• 5+ Years of experience in Cyber SOC, particularly with significant experience in Incident response

 

Industry Certifications: 

Advanced certs like GCIH, EC-Council IH, GREM, GCFA or similar certs in forensics, incident response or incident handling are preferred.

Skillset requirements

Skillset Proficiency (5 being highest, 0 lowest) SIEM tools – Qradar, Splunk, Chronicle 4-5 Detect and Defend- Windows, Linux, Industrial systems 3-4-5 Digital Forensics   3-4-5 Malware Analysis - Static, Dynamic and Reverse Engineering 3-4-5 Automation and Scripting- Python, PowerShell, Shell 3-4-5 EDR/XDR and SOAR  3-4-5 Network Protocols and Infrastructure, Packet Analysis - includes Parsing malicious packets, DDOS attacks, Wireshark, tcpdump 3-4-5 RegEx – Searches, parsing logs 3-4-5 Memory investigation and forensics using Volatility, ResponderPro, Axiom 3-4-5 Email analysis 3-4-5 Cloud security essentials- GCP, Azure cloud 3-4-5