19 Sep
Detection and Response Analyst
Vacancy expired!
- Works in 24x7 Cyber Fusion Center to provide monitoring and detection/response services.
- Detects and responds to security incidents by leveraging detection/response platforms.
- Triage security incidents and perform in-depth analysis through the use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices.
- Escalates cybersecurity events according to playbooks and standard operation procedures (SOPs).
- Assists with containment and remediation of threats during incidents. Uses internal ticketing system to track investigated incidents and capture relevant details.
- Conducts threat hunting activities based on internal and external threat intelligence.
- Assists with service requests from customers and internal teams.
- Provides executive facing written updates and reports.
- Assists in training/mentoring junior team members as needed.
- Ability to work various 12-hour shifts, including weekends and holidays, supporting the 24x7 Cyber Fusion Center. Must be able to work both day and night shifts. Shifts rotate quarterly.
- At least 3 years of cybersecurity experience with a focus on Incident Detection, Incident Response and/or Security Operations.
- BA/BS in Computer Science, Information Security, or Information Systems or equivalent related work experience.
- Experience interfacing with internal and external customers, providing remediation actions to non-technical audiences.
- Working knowledge of enterprise-level security technologies such as SIEM and ticketing systems.
- Willing to work in a highly collaborative environment with a focus on project delivery and desired business outcomes.
- Experience with Splunk and other SIEM platforms, enterprise intrusion prevention systems, endpoint detection and response tools, and other security products.
- Experience supporting large scale incident investigations.
- Experience interfacing with a variety of cybersecurity teams (such as red team, cyber threat intelligence, data loss prevention, etc).
- Security certifications: Security+, CASP, GCFA, GCIH, GCFE.
Vacancy expired!