Description
Sr. Cybersecurity Analyst - Incident Response
The level 3 (Senior) Cybersecurity Operations Analyst role will be focused primarily on building new capabilities and enhancing existing controls in order to further protect the assets and data that we use to perform business around the world.
Incident Management / Response
Maintain, Monitor, Develop and support SOAR incident management platform.
Perform analysis of escalations from analysts and work to identify process changes and/or automation to increase the efficiency of incident response.
Review and analyze all security solutions currently deployed on endpoint assets (workstations and servers)
Review and analyze all security solutions to ensure necessary and relevant data is being captured, reviewed, and retained to allow L1-L3 analysts to perform analysis and action effectively
Implement security solutions allowing for reduction of agents where possible
Identify & implement automation capabilities to reduce the human touchpoint when operational issues occur
Build documentation and playbooks for strong processes to support the security posture on systems.
Develop and update procedures, and configure tools for security analysts to use.
Handle high and critical severity incidents as described in the incident response plan documentation.
Create filters, data monitors, dashboards, and reports within case management and monitoring solutions for use by various audiences.
Work with L1/L2 analysts and system owners to contain intrusions and recover compromised systems.
Partner with other stakeholders to ensure that solutions are improved upon post implementation
Architecture
Continuous review of the capabilities and configuration of existing security stack managed by Cybersecurity Operations team.
Provide input to the design, development, and implementation of technical solutions to mitigate security risks.
Advise on, and/or create and maintain, security policies, standards and procedures for the Cybersecurity Operations team.
Provide input and analysis on new security technologies and their applicability to our environment.
Education
Bachelor's degree, or regional equivalent education, required, preferably in a related discipline such as Cybersecurity, Information Systems, or Computer Science
SANS training a plus
Additional cybersecurity-focused certifications are a plus (ex. Security+, GSEC, GMON, GDSA, GCDA, CISSP)
Experience
5-8 years related professional experience
Language Skills
English (fluency in reading, writing and speaking)
All others are a plus
Certifications
Security Orchestration, Automation and Response (SOAR) certifications a plus
CrowdStrike CCFA/CCFR a plus
Elastic Engineer I/II a plus
Additional skills
Experience with PowerShell / Python scripting for automation and integration
Strong experience managing cases with enterprise SIEM systems
Experience using the Elastic stack preferred, specifically for security use cases
Experience using Palo Alto XSOAR (Demisto) is a plus
Experience with host and network-based security tools desired
Non-administrative experience with CrowdStrike Falcon is a plus
Experience with identity-based security tools a plus
Experience with developing security policies, standards, and procedures
Experience using event escalation and reporting procedures a plus
Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies
Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies
Knowledge of cyberattack techniques and tools
Ability to learn and operate in a dynamic environment
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
Strong oral and written communication skills
Ability to manage simultaneous multiple complex tasks and to bring activities to closure
Familiarity with global regulations as well as common IT frameworks and standards (ex. NIST)