Description:
The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions. A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer response directions. Experience responding to multi-faceted security events and incidents and assisting with the coordination of subsequent response efforts prioritizing mission critical elements.
The role involves regular interaction with various groups and leadership within the organization to accomplish job responsibilities. Working closely with the Cyber Response Manager the Incident Responder will manage workflows, escalations, and advance technical processes to build program maturity and growth. The successful candidate will be responsible for participating in the following activities:
- Supervise daily shift operations, ensuring consistent performance, prioritization, escalations, and adherence to company standards
- Monitor KPIs and shift metrics, identifying areas for improvement to address with Management
- Conduct shift handovers for seamless transitions between their shift
- Act as primary point of contact for escalations, prioritizing more critical items and providing details to Management on interesting items that happened during the shift
- Oversee and triage ticket queues focusing on prioritization, potential impact, and escalations
- Lead review of tuning requests for their shift
- Support Incident response as an acting member on the response team, working escalated tickets for identified security threats
- Perform root cause and forensic log analysis for security incidents to determine enterprise risk, impact, and effective remediations needed across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email)
- Analyze threat data from multiple sources and identifying security incidents and events of importance for direct escalation to Incident Commander(s).
- Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to technical and non-technical stakeholders including senior leadership
- Take appropriate containment response actions on multiple platforms, or in some cases Handoffs to partner teams
- Function as Incident Handler for security incidents to drive containment and remediation action items for various platforms, environments, and technologies
- Collaborate with internal teams, external partners, and vendors to resolve active Cyber Incidents
- Provide detailed timeline analysis to showcase evidence-based conclusions on entry vectors, lateral movement, and campaign correlation
- Keep detailed notes on all analysis activity, documented in the case management tool to validate process adherence.
- Contribute to the strategic creation and updating of new and existing response process documentation.
- Provide On-Call support for escalated events for 1 week on rotation with other Incident Responders
Qualifications
- Bachelor’s Degree/Masters Degree in an IT related field and/or equivalent work experience
- Minimum 5 years working in Cyber Defense with experience in Incident Response, Security Operations Center (SOC), detection engineering, or similar functions.
- Previous experience supporting or leading incident response functions.
- Experience using industry-standard security toolsets in a layered defense model
- Working knowledge of core Enterprise IT concepts (web application architectures, networking, etc.)
- Experience with host-based and network-based forensics tools and analysis
- Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them
- Knowledge of industry recognized security and analysis frameworks (Mitre ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.)
- Exceptional written and verbal communication skills
- Must be self-motivated and able to work both independently and as part of a team
- Strong communication (both verbal and written) and client intimacy skills with experience briefing corporate executives and professionals
- Ability to be on call and provide support during non traditional working hours