Security Incident Response


Atlanta, GA

Industry: Technology


5 - 7 years

Posted 154 days ago

by Scott Hall

This job is no longer available.

Summary:

Perform accurate, precise, real-time front-line monitoring and analysis of correlated logs and alerts from a wide range of security devices, as well as of network traffic, focused on determining whether those events constitute security incidents. Work closely with Tier 1 analysts and serve as their point of escalation.

 

Responsibilities:

- Assist in the development and maintenance of security monitoring and incident response services, including but not limited to network event analysis, host event analysis, and email analysis

- Monitor ticketing queue and support Tier 1 analysts in performing their duties

- Triage security events as they come in, both as a first-level analyst and as an escalation point

- Peer-review Tier 1 work products for completeness and accuracy; mentor Tier 1 analysts on opportunities to improve

- Lead and remediate simple security incidents

- Support complex security incidents as directed by Incident Response Coordination Team

- Perform proactive hunting-style activities to identify and baseline the environment. Record findings to build a comprehensive body of knowledge about normal behavior. Develop detection rules from notable findings so that Tier 1 analysts and peers can repeat the detection.

- Support management team on activities as directed to improve the security monitoring and incident response services
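The baselining and rule-development duties above, and the CEF/Syslog data formats listed under Qualifications, are illustrated here with an added example that is not part of the original posting or any employer's tooling. All log lines, hostnames, users and addresses are constructed; the parser handles the CEF header and extension escaping rules (`\|` and `\=`) and the hunting rule flags successful logins from a (user, source) pair absent from the baseline.

```python
"""Baseline-and-detect over CEF-in-syslog events (added illustration, constructed data)."""
import re
from collections import defaultdict

# Constructed "normal" period used to build the baseline. Invented hosts, users, addresses.
BASELINE_LOGS = [
    "<134>Jan 01 08:01:10 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=alice src=10.0.5.14 outcome=success",
    "<134>Jan 01 08:03:41 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=bob src=10.0.5.22 outcome=success",
    "<134>Jan 02 08:00:57 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=alice src=10.0.5.14 outcome=success",
    "<134>Jan 03 09:15:02 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=bob src=10.0.5.22 outcome=success",
    "<134>Jan 03 22:40:19 vpn01 CEF:0|Acme|VPN|2.1|101|Login failed|5|suser=bob src=203.0.113.9 outcome=failure",
]
# Constructed day to hunt over.
HUNT_LOGS = [
    "<134>Jan 15 08:02:33 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=alice src=10.0.5.14 outcome=success",
    "<134>Jan 15 03:12:08 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=bob src=203.0.113.9 outcome=success",
    "<134>Jan 15 10:45:51 vpn01 CEF:0|Acme|VPN|2.1|100|Login|3|suser=svc_backup src=10.0.9.3 outcome=success",
]

# Optional <PRI>, BSD-style timestamp, hostname, then the CEF payload.
_SYSLOG = re.compile(r"^(?:<\d+>)?(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(CEF:.*)$")
# Header fields are pipe-separated; a literal pipe is escaped as \| and must not split.
_HEADER_SEP = re.compile(r"(?<!\\)\|")
# Extension is key=value pairs; values may contain spaces, so stop before the next " key=".
_EXT_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
_HEADER_NAMES = ["version", "vendor", "product", "dev_version", "sig_id", "name", "severity"]
LOGIN_SIG = "100"  # assumed signature id for successful/attempted logins in the constructed data


def _unescape(value):
    """Drop the backslash from CEF escapes such as \\| and \\= (and \\\\)."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_cef(line):
    """Return a flat dict of syslog header, CEF header and extension fields, or None if malformed."""
    m = _SYSLOG.match(line)
    if not m:
        return None
    timestamp, host, cef = m.groups()
    parts = _HEADER_SEP.split(cef, maxsplit=7)
    if len(parts) != 8:
        return None
    event = {"timestamp": timestamp, "host": host}
    parts[0] = parts[0][len("CEF:"):]
    for name, raw in zip(_HEADER_NAMES, parts[:7]):
        event[name] = _unescape(raw)
    for key, raw in _EXT_PAIR.findall(parts[7]):
        event[key] = _unescape(raw)
    return event


def _successful_logins(lines):
    for line in lines:
        ev = parse_cef(line)
        if ev and ev.get("sig_id") == LOGIN_SIG and ev.get("outcome") == "success":
            yield ev


def build_baseline(lines):
    """Baseline of 'normal': for each user, the set of source addresses seen in successful logins."""
    seen = defaultdict(set)
    for ev in _successful_logins(lines):
        seen[ev["suser"]].add(ev["src"])
    return seen


def new_source_logins(lines, baseline):
    """Hunting rule: successful login from a (user, src) pair not in the baseline.

    Returns (timestamp, user, src, reason) tuples; reason is 'new_user' when the
    account itself was never seen, otherwise 'new_source'.
    """
    findings = []
    for ev in _successful_logins(lines):
        user, src = ev.get("suser"), ev.get("src")
        if user not in baseline:
            findings.append((ev["timestamp"], user, src, "new_user"))
        elif src not in baseline[user]:
            findings.append((ev["timestamp"], user, src, "new_source"))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    for finding in new_source_logins(HUNT_LOGS, baseline):
        print(finding)
```

On the constructed data the rule yields two findings: bob succeeding from 203.0.113.9, an address that only appeared in a failed login during the baseline window, and a never-before-seen account svc_backup. Both are exactly the kind of recorded finding the duty above asks for; once an analyst confirms which are expected, the pairs are added to the baseline and the rule is handed to Tier 1 to run on a schedule.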

 

Qualifications:

- Bachelor's degree in Computer or Software Engineering, Computer Science, Information Management, Information Science or a related technical field preferred

- 4+ years of experience working in information security or information technology roles

- Demonstrated ability to interact with business and technical audiences across all levels of an organization

- Strong time management skills and experience handling multiple initiatives with competing priorities

- Strong analytical and technical skills

- Experience working in a security operations center environment highly desired

- In-depth knowledge of common internet protocols (e.g., DNS, HTTP)

- In-depth knowledge of common information security threats at all OSI layers

- Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management)

- Strong knowledge of and experience working in Windows and Linux environments

- Experience working with APIs (e.g., SOAP, RESTful)

- Experience working with common data formats (e.g., CSV, XML, JSON, Syslog, CEF)

- Ability to develop custom scripts using common scripting languages (e.g., Python, PowerShell, VBA)

- Experience programming in object-oriented languages (e.g., C++, C#, Java) preferred

Certifications:

- Industry certifications highly preferred, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP)

 

$90K - $100K