Tier II Incident Response Analyst

About The Position

Requirements

• Bachelor’s degree in computer science, Engineering, Information Technology, Cybersecurity, or related field PLUS 4 years of experience in incident detection and response, malware analysis, or cyber forensics.
• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
• Expertise of Operating Systems (Windows/Linux) operations and artifacts
• In-depth knowledge of each phase of the Incident Response life cycle
• Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.
• 5+ years of intrusion detection and/or incident handling experience.
• Strong experience with Splunk, FireEye, Microsoft MDE (or similar tool).
• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise.
• Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations.
• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
• Strong analytical and troubleshooting skills.

Nice To Haves

• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
• CISSP and SANS GCIH or GCIA required upon start.

Responsibilities

• Understand Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.).
• Recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents.
• Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies.
• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case, and knowledge management, and SOC operations.
• Promote and drive implementation of automation and process efficiencies.
• Familiarity with Cyber Kill Chain and ATT&CK Framework and how to leverage in Security Operations.
• Develop and present status updates to the Federal Team.
• Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high-quality analysis and work products.
• Establish trust and business relationships with customer and other relevant stakeholders.
• Analyze malicious code, packet capture files, and artifacts.
• Identify gaps in logging capabilities and develop and propose strategies to fill gaps.
• Identify and propose automated alerts for new and previously unknown threats.