Incident Response Analyst

• Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team
• Receive, process, and resolve tickets per defined SLA's
• Analyze information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly
• Critically assess current practices and provide feedback to management on improvement opportunities
• Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets
• Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems
• Assist with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers
• Provide input into standards and procedures
• Report compliance failures to management for immediate remediation
• Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
• Provide status reports and relevant metrics to the Security Operations Manager
• Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors
• Participate in special projects as needed

Qualification

Good to have Licenses, and Certifications:

GSEC, GCIH, GCFE, GREM

CISSP or SSCP desired

Education

Possess a Computer Science Bachelors Degree or substantial equivalent experience

Experience:

• Some professional experience in information security with a Focus on incident response and forensics
• Foundational knowledge of IR concepts and best practices, including forensics and chain-of-custody
• Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.
• Broad understanding of TCP/IP, DNS, common network services, and other foundational topics
• Working knowledge of malware detection, analysis, and evasion techniques
• Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware; Able to analyze suspicious websites, script-based and malware code
• Experience with vulnerability management tools such as Qualys, Nessus, or other vulnerability scanning discovery tools
• Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances
• Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS/IPS, SIEM, AV), to protect data and networks. Implement techniques to hunt for known and unknown threats based on available threat intelligence reports and knowledge of the attacker's TTPs
• Able to gather and analyze facts, draw conclusions, define problems, and suggest solutions
• Maintain critical thinking and composure under pressure
• Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
• Capable of assisting with the preparation of internal training materials and documentation
• Able to be productive and maintain focus without direct supervision
• Passionate in the practice and pursuit of IR excellence
• Can exhibit a disciplined and rigorous approach to incident handling
• Willing to accommodate shift-based work for a global organization
• Provide exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise
• Experience with digital forensics on host or network and identification of anomalous behavior on the network or endpoint devices. Familiar with host and network-based forensic tools such as EnCase, FTK, Sleuth Kit, X Ways, etc.

Know-how

• Demonstrates the ability to identify the real issue, and to anticipate requirements and potential consequences; distills a range of possibilities by thinking in a considered, prudent manner
• Has the capacity to take on new ideas and develop knowledge and think holistically about business and address media, analyst, employee, and client audiences.
• Able to move through a variety of tasks requiring different approaches, knowledge, and expertise, with the agility of mind and capacity for analysis and synthesis.