Lead Cyber Defense Analyst - Remote

About The Position

Requirements

• 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead
• Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field.
• History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause
• 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE)
• Information security management certifications (CISSP, CISM)
• Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain
• Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)
• Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender)
• Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle)
• Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch.
• Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes.
• Abvailable to work outside of normal work hours to respond to cybersecurity incidents

Responsibilities

• Monitor the daily operations of the team, being the primary liaison between analysts and leadership
• Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis)
• Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises
• Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk
• Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks
• Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned
• Ensure incident updates are performed, documented and that case hand-off processes are completed
• Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management
• Lead the development of relevant Standard Operating Procedures (SOPs), and training materials
• Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments

Benefits

• Great compensation package and bonus plan
• Core benefits including medical, dental, vision, and matching 401K
• Flexible work environment, ability to work remote, hybrid or in-office
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays