Collect data and context necessary to analyze and triage alerts.
Create tickets to document investigations.
Determine criticality of incident.
Act as an escalation point for junior analysts.
Perform in-depth analysis and end-to-end investigations, from detection to remediation.
Conduct incident response activities such as host triage, malware analysis, remote system analysis, end-user interviews, remediation efforts, and compile detailed investigation reports.
Act as scribe during critical incidents.
Operate as Incident Handler during critical incidents.
Develop new SIEM use cases and provide feedback on existing ones.
Evaluate existing technical capabilities and systems to identify opportunities for improvement.
Maintain Standard Operating Procedures.
Develop security training programs to advance analyst skills and knowledge.
Perform threat hunting activity independent of standard event alert channels.
Collaborate with cross-functional business units to advance security operations goals.
Minimum 8 years of comparable experience.
Experience and background in cybersecurity operations and incident response.
Experience working in fast-paced environments, with the ability to manage workload during times of stress or escalated activity.
Comfortable with impromptu tasking and loosely defined requirements.
Excellent interpersonal, organizational, communication, and writing skills.
Detail-oriented with excellent analytical and investigative skills.
In-depth technical knowledge in at least two of the following: Windows disk and memory forensics, Unix or Linux disk and memory forensics, network traffic analysis, static and dynamic malware analysis.
Solid understanding of IT operations, such as help desk, endpoint management, and server management.
Strong understanding of security operations concepts, such as perimeter defense, BYOD management, data loss protection, insider threat, adversary lifecycle analysis, risk assessment, and security metrics.
Clear understanding of adversary motivations, such as cybercrime, hacktivism, and cyber espionage.
Good understanding of basic cyber-intelligence techniques.
Understanding of basic computer science concepts, such as algorithms, data structures, databases, operating systems, networks, and tool development.