GPS - Incident Response Analyst - Associate

About EY-Parthenon
Atlanta, GA
Hybrid

About The Position

As an Incident Response Analyst – Associate, you will support security incident response efforts related to information security events or incidents stemming from suspected internal or external threats. This role focuses on executing defined incident response tasks under guidance while gaining hands-on experience supporting new and evolving enclave security processes. The role provides exposure to multiple security domains and an opportunity to grow technical and investigative skills within a structured incident response program.

Requirements

  • Bachelor’s Degree in Computer Science, Cybersecurity, Computer Engineering or related field; or equivalent relevant experience
  • 0–2 years of relevant experience or internships in cybersecurity, incident response, or digital forensics
  • Foundational understanding of Windows operating systems
  • Basic understanding of SaaS, PaaS, and IaaS cloud concepts
  • Familiarity with evidence handling procedures and chain-of-custody principles
  • Understanding of common cyber-attack techniques and MITRE ATT&CK framework
  • Ability to work collaboratively across physical and virtual locations
  • Action-oriented with a proactive approach to learning and problem solving
  • Ability to operate in high-security, least-privilege environments
  • Ability to obtain and maintain a Top Secret Security Clearance

Nice To Haves

  • Exposure to Microsoft Azure and Microsoft 365 environments
  • Basic familiarity with PowerShell or another scripting language
  • Introductory experience supporting cloud or endpoint security operations
  • Awareness of NIST 800-171 and CMMC security concepts
  • Entry-level certifications such as AZ-900, Security+, or equivalent

Responsibilities

  • Assist with acquisition and collection of computer artifacts (e.g., malware, system/user logs, data artifacts) in support of Cyber Defense engagements
  • Support triage of system assets and assist in determining evidentiary value
  • Assist with correlating forensic findings to network events
  • Collect and document system state information (e.g., running processes, network connections)
  • Support forensic triage activities to help determine scope, urgency, and potential impact
  • Track and document forensic analysis activities under supervision
  • Assist with collection, processing, preservation, analysis, and presentation of computer-related evidence while maintaining chain-of-custody requirements
  • Support coordination efforts with GPS Enclave staff to validate and investigate alerts
  • Assist with tuning and building alerts and analytics within SIEM platforms
  • Support Vulnerability Management and DLP solution activities by assisting with validation and documentation
  • Participate in developing and maintaining incident response procedures and documentation
  • Assist with analysis of forensic images and contribute to forensic write-ups
  • Support documentation and publication of Computer Network Defense (CND) guidance and reports

Benefits

  • medical and dental coverage
  • pension and 401(k) plans
  • wide range of paid time off options
  • flexible vacation policy
  • designated EY Paid Holidays
  • Winter/Summer breaks
  • Personal/Family Care
  • other leaves of absence

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Number of Employees

5,001-10,000 employees
