The Alight Global Security Operations team is seeking an experienced Cyber Security Incident Response Analyst. This role will require the right colleague to serve as a tactical and operational technical resource and to provide awareness of, and response to, security incidents. In addition, this role will require the utilization and integration of threat intelligence to proactively hunt for and address threats and trends in direct partnership with Alight's business and technology organizations. You will also be expected to promote team spirit and enthusiasm, dispelling negativity, maintaining ongoing open dialog, and fostering the ideas and talents of others.
As a Security Incident Response Analyst, a typical day will include the following:
- Work as part of a team of Information Security professionals supporting a global enterprise.
- Triage and respond to information security incidents reported via SIEM, ticketing system, email, etc.
- Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences.
- Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems.
- Automate manual processes via scripting and utilization of various tools and platforms.
- Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist.
- Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS/IPS, and other security technologies.
- Assist management in ensuring the team is executing on core responsibilities such as working incidents through to completion, ticket queue maintenance, keeping documentation evergreen, training requirements, etc.
- Work with management to define/update standard operating procedures and response plans.
- Support efforts of Technical Directors and/or Management during all phases of the Incident Response process.
- Serve as a primary escalation point for security incidents.
- Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the Security Operations team.
- Advanced knowledge of computer networking: TCP/IP, routing and protocols.
- Advanced knowledge of packet structure and previous experience performing in-depth packet analysis.
- Advanced knowledge of Incident Response methodologies and information security best practices/technologies. GCIH, GCIA, CISSP or equivalent knowledge/experience required.
- Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems.
- Minimum of 3 years' experience utilizing HIDS/NIDS, SIEM, anti-virus, packet capture tools, and host-based analysis technologies in a security analyst capacity; preferably within a 24x7x365 operations environment.
- Minimum of 3 years' experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required.
- Strong proficiency with Windows and Unix/Linux command line.
- Expert knowledge of obfuscation techniques used to encode/encrypt malicious traffic/data.
- Familiarity with a standardized incident response framework (SANS/NIST).
- A research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
- Scripting experience with Python, Perl, SQL, and/or PowerShell required.
- Experience driving vendors and co-sourcing partners to successfully resolve problems.
- Must be able to react quickly, decisively, and deliberately in high stress situations.
- High level of ethics and core values.
- A strong passion for learning.
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.
- Willingness to serve as a member of an Incident Response Team (IRT) which may require responding to emergency calls during non-business hours.
- Highly motivated individual with the ability to self-start, prioritize, and multi-task.
By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight's employment policies. Background checks may include some or all of the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position.
At Alight, we believe that diversity should be visible, valued, and sustained throughout the organization. Alight provides equal treatment and employment opportunities to all employees and applicants for employment without regard to any protected status or other protected characteristic.
Alight does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, we take affirmative action to employ and advance in employment qualified minorities, women, disabled persons, disabled veterans and other covered veterans.
Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities, sincerely held religious beliefs, practices and observances, unless doing so would result in an undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter.