- Collect data and context necessary to analyze and triage alerts.
- Create tickets to document investigations.
- Determine criticality of incident.
- Act as an escalation point for junior analysts.
- Perform in-depth analysis and end-to-end investigations, from detection to remediation.
- Conduct incident response activities such as host triage, malware analysis, remote system analysis, end-user interviews, remediation efforts, and compile detailed investigation reports.
- Act as scribe during critical incidents.
- Operate as Incident Handler during critical incidents.
- Develop new and provide feedback on existing SIEM use cases.
- Evaluate existing technical capabilities and systems to identify opportunities for improvement.
- Maintain Standard Operating Procedures.
- Develop security training programs to advance analyst skills and knowledge.
- Perform threat hunting activity independent of standard event alert channels.
- Collaborate with cross-functional business units to advance security operations goals.
- Minimum 8 years of comparable experience.
- Experience and background in cybersecurity operations and incident response.
- Experience working in fast-paced environments with the ability to manage workload during times of stress or escalated activity.
- Comfortable with impromptu tasking and loosely defined requirements.
- Excellent interpersonal, organizational, communication, and writing skills.
- Detail-oriented with excellent analytical and investigative skills.
- In-depth technical knowledge in at least two of the following: Windows disk and memory forensics, Unix or Linux disk and memory forensics, network traffic analysis, static and dynamic malware analysis.
- Solid understanding of IT operations, such as help desk, endpoint management, and server management.
- Strong understanding of security operations concepts, such as perimeter defense, BYOD management, data loss protection, insider threat, adversary lifecycle analysis, risk assessment, and security metrics.
- Clear understanding of adversary motivations, such as cybercrime, hacktivism, cyber espionage.
- Good understanding of basic cyber-intelligence techniques.
- Understanding of basic computer science concepts, such as algorithms, data structures, databases, operating systems, networks, and tool development.
- Proficient with Splunk.