Senior Cyber Defense Incident Responder

About The Position

Requirements

• An understanding of cyber security operations processes, procedures, guidelines and solutions, including practical experience of cyber kill chain principles
• In-depth understanding of Windows, UNIX, and Linux operating systems, networking, malware defenses, and perimeter controls.
• Knowledge of TCP/IP networking and core Internet protocols such as UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.
• Ability to contribute to the development of SIEM use cases.
• Strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups.
• Understanding of how to read and interpret malware analysis reports.
• Self-starter with a sense of urgency who takes ownership and responsibility for service delivery
• Works independently with minimal guidance to drive projects to completion, while also working collaboratively with the team to achieve strategic goals
• Professional, clear, and concise communication to both technical and non-technical audiences
• Strong deductive reasoning, critical thinking, problem solving, prioritization, and consultative skills
• Proven organizational skills (time management and prioritization), and also employ a rigorous process for all follow-up / coordination activities
• Comfortable working in a dynamic environment, balancing multiple incidents, special projects, and other activities.
• Ability to deal diplomatically and effectively at all levels of the business including both technical and non-technical staff, management and senior leadership.
• Willingness to support and develop junior team members while also delivering on candidate’s own responsibilities.
• Experience with security monitoring, event and anomaly analysis and intrusion detection/ prevention techniques and an in-depth understanding of Python.

Nice To Haves

• Bachelor’s degree or equivalent practical experience is preferred.

Responsibilities

• Investigate potential cyber-attacks and intrusion attempts.
• Leverage aggregated cyber threat intelligence, log, network flow, and anomaly data for analysis, research and the identification of potential compromise within AIG’s infrastructure or applications.
• Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce AIG’s exposure to cyber-risks.
• Prioritize incoming requests to minimize risk exposure and ensure the timely completion of critical tasks and the escalation of time-sensitive issues.
• Support the development and maintenance of documented play-book procedures, knowledge articles, and training material.
• Create detailed incident and analysis reports, and provide concise summaries for management.
• Communicate effectively with other stakeholders of our incident response efforts, including representatives of the business units, technology specialists, vendors, and others.
• Contribute to our efforts to drive continuous improvement by recommending and collecting various key metrics for reporting to senior management on Incident Response.

Benefits

• Volunteer Time Off and Matching Grants Programs
• learning opportunities
• tuition reimbursement program