Job Title: Senior Cyber Security Incident Response Analyst
Position Type & Duration: Direct Hire
Location & Remote Flex:
Has to be in one of the offices: Scottsdale/Phoenix, Chicago
Hybrid Schedule: 3 days On-site (Wednesdays on-site)
The Cyber Security Incident Response Analyst III is part of a high-performance team, responsible for detecting, identifying, mitigating and responding to critical or urgent threat situations.
Essential Functions
- Trains, coaches and mentors team members on efficient and advanced threat hunting and investigation techniques
- Leads maintenance of policies, standards and procedures
- Leads analyst requests for new or modified cyber security alerts
- Interfaces with the CISO as part of the Cyber Security Incident Response role
- Performs detection and investigative analysis activities for a variety of digital devices, computers, storage media, servers, networks, and cloud-based services
- Performs advanced host and network forensics and malware analysis; investigates and responds to incidents; provides recommendations to improve the company’s security posture; escalates complex issues as needed
- Performs security incident handling efforts in response to a detected incident, and coordinates with other stakeholders
- Performs the tracking of investigations and incidents through resolution
- Performs standard procedures for incident response to counteract the detected threats
- Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
- Performs network/system/application/log intrusion detection analysis and trends
- Performs complex analysis of potentially malicious activities and software
- Maintains awareness of trends in security, regulatory, technology, and operational requirements, including the current threat landscape and adversary tactics, techniques, and procedures
- Creates procedural documentation and tools for automated analysis and correlation activities
- Represents the Security Operations team at internal and external threat intelligence and cybersecurity forums
- Performs on-call activities when required
- Ensures the company's commitment to protect the integrity and confidentiality of systems and data.
Minimum Qualifications
- Education and/or experience typically obtained through completion of a Bachelor’s degree or a 2-year degree in Computer Science, Engineering, Math, or Physical Science
- Minimum 7 years of progressive information security technology experience
- Proven advanced analytical skills across various technologies
- Advanced understanding of Networking and security concepts
- Advanced understanding of Windows, Linux/Unix and Mac Operating Systems
- Experience in identifying, triaging, and escalating tickets based on severity and malicious activity.
- Experience in responding to malicious threats coming from various sources
- Experience with the incident response process
- Ability to work within a team environment as well as independently
- Ability to train, coach and mentor junior analysts and improve upon existing skillsets
- Effective communication skills to speak and write for all technology experience levels.
- Effective interpersonal skills, able to comfortably present to peers, coworkers, and customers
- A propensity for continued development of skills through research and training
- Must pass a background check and drug screen
Preferred Qualifications
- Additional related education, certifications and/or experience is beneficial
- Subject matter expert within the Malware Analysis, Network Analysis, Incident Response, or Forensic Analysis domains
- Subject matter expert in one or more security tools such as EDR platforms, DLP tools, phishing platforms or SIEMs
- Working experience in cloud technology security
- Experience utilizing Security Orchestration, Automation, and Response (SOAR) tools