The Senior Cyber Security Analyst for Incident Response will work in a dynamic operational environment where challenging technical and security issues will test knowledge, skills and abilities related to incident response, forensics and cyber threat hunting. The Senior Cyber Security Analyst for Incident Response will: use data collected from cyber defense tools to analyze events for the purpose of finding and mitigating threats; investigate, analyze, and respond to cyber incidents; evaluate security controls against the current threat landscape and organizational architecture and provide recommendations for enhancement; and cultivate an active partnership with Enterprise Architecture, Technology Platform and Application Owners, who are accountable for the secure design, configuration, and operation of their environments.
ROLE SUMMARY AND JOB RESPONSIBILITIES
- Accountable for all aspects of the cybersecurity analysis process for their work
- Contributes to the development of and improvement in cybersecurity best practices within their group
- Leads analysis and actively participates in providing feedback on team members’ work
- Ability to lead a team on cyber analysis or incident response
- Ability to break down complex or vague problems and step through them in a rational way
- Flexible in his or her thinking; able to evolve a solution when additional information or ideas are presented
- Decisions and recommendations distinguish between near term mitigation and required future investments
- Mentors junior members of the team
- Identifies when junior resources need help and provides it in a positive way that promotes confidence
- Proactively helps team members and makes suggestions to improve practices
- Can articulate cybersecurity risk and translate it into practical solutions for technology teams
- Thorough knowledge of the cyber analysis program and its associated objectives
- Typically requires 4+ years of relevant experience
- Stays current with relevant cybersecurity threats and countermeasures
- Shows a commitment to quality by implementing suitable solutions
- Excellent communication and interpersonal skills
- Leads work reviews and actively participates in providing feedback on others’ work
- Performs as an expert in one or more cybersecurity programs
- Thorough understanding of TCP/IP, the OSI model, and component and system dependency concepts
- Thorough understanding of incident response processes and procedures
- Utilizes Cyber Threat Intelligence and Cyber Security Awareness concepts to influence work
- In depth understanding of Windows operating systems
- General knowledge of Unix, Linux, and Mac operating systems
- General knowledge of the functions of various security infrastructure such as firewalls, intrusion prevention/detection systems, proxy servers, email controls, anonymizing technology, and SIEM
- General knowledge of web application technologies
- General knowledge of network and systems forensics
- Ability to identify and analyze malicious code
- Ability to work as part of a team
- Ability to show initiative and take on new tasks as assigned
- Ability to perform risk analysis and communicate that risk to others
- Ability to participate in an on-call rotation roughly 1 week per month (typically 3-5 hours in total)
- General understanding of AWS, Azure and/or Google Cloud
- Experience in a 24x7 global enterprise, preferably in the Financial industry
- SANS GIAC certifications (such as GREM, GCIH, GCFA)
- In-depth knowledge of malware analysis tools
- Scripting experience, preferably Python and/or PowerShell
- General knowledge of Splunk
- General system administration