Senior Cyber Incident Response Team Analyst @ Center for Internet Security | Jobright.ai
60 applicants
This job has closed.

Center for Internet Security · 1 week ago

Senior Cyber Incident Response Team Analyst

Association, Cyber Security

Responsibilities

Provide Incident Response, Computer Forensics, and Malware Analysis services to SLTT governments, as well as internal teams at CIS
Perform forensic analysis in response to cyber-attacks and computer security breaches on compromised SLTT systems and networks with diverse architecture, operating systems, and size, to identify the extent and nature of the compromise and provide recommendations on containment, eradication, and remediation steps
Conduct incident response calls with SLTT governments, as well as third party vendors, external incident response teams, and/or cyber insurance companies
Provide detailed technical reports to document the findings that result from both forensic analysis and incident response cases for internal and external organizations
Guide partners through the incident response process and technical investigations, utilizing excellent verbal communication skills effective for coaching and supporting victims in response to crisis, specifically cyber attacks
Provide consultation to third-party SLTT government organizations with diverse technical backgrounds and skill sets, including review and analysis of external networks, typically unknown to CIRT
Identify indicators of compromise (IOCs) from SLTT networks to support community network defense
Perform consultation services in conjunction with incident response planning and best practices, delivered in presentations, webinars, blogs, and podcasts
Support and respond to any security-related questions or incidents reported from MS-ISAC/EI-ISAC members
Analyze previously undisclosed software and hardware vulnerabilities
Collaborate across internal CIS functions and other MS-ISAC and EI-ISAC teams to provide excellent cybersecurity services
Assist with improvements to policies, procedures, technologies, tools, techniques, and operational efficiencies
Responsible for complex tasks, assignments, and projects, including but not limited to, the training and development of new computer forensic analysts
Perform tasks independently with some oversight
Other tasks and responsibilities as assigned

Qualification

Security, Network Administration, Incident Response, Operating Systems, Windows, Linux, MacOS, Windows Fundamentals, Protocols, Server Infrastructure, Monitoring Software, System Security, Application Security, Security Vulnerabilities, Security Controls, DHS Fitness Review, Forensics, Malware Analysis, Scripting, Python, Windows PowerShell, GO, Technical Presentations, Report Writing, Log Analysis, Forensic Methodologies, Magnet AXIOM, Cyber Triage, SANS SIFT, Kroll’s KAPE

Required

Bachelor’s degree in Digital Forensics, Cybersecurity, Computer Science, or a related field
3+ years’ experience in Security, Network Administration, or equivalent knowledge
Knowledge of incident response procedures, processes, and techniques
Experience with various operating systems, such as Windows, Linux, and MacOS
Thorough knowledge of networking and Windows fundamentals, specifically protocols, internal tools, server infrastructure, monitoring software, etc.
Comprehension of system and application security threats and vulnerabilities
Knowledge of various host and network-based security controls
The position is open to U.S. Citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions

Preferred

3+ years’ experience with Incident Response, Forensics, and/or Malware Analysis
Experience with scripting or markup languages such as Python, Windows PowerShell, or Go
Experience delivering technical presentations and reports and ability to articulate technical processes and information to a non-technical audience
Familiarity with interpreting, querying, and accessing various log types (e.g., Windows Event, Web server, Firewall logs, etc.)
Working knowledge of forensic methodologies and related tools such as Magnet AXIOM, Cyber Triage, SANS SIFT, and Kroll’s KAPE. Additionally, familiarity with open-source tooling such as the Eric Zimmerman toolset, etc.
Certifications in related areas (e.g., GCIH, GCFA, GCFE, ECIH, CYSA+, CCFE, CFCE, etc.)
Experience in conducting threat hunting in a SIEM and/or EDR suite, and/or manual network investigations
Knowledge of adversarial tactics, techniques, and procedures with an understanding of mapping these to the MITRE framework
Demonstrated history of service to the community, either in a volunteer or professional capacity
Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.
Factors that may cause a negative Fitness Review decision include: Criminal Conduct, Dishonest Conduct, Employment Misconduct, Alcohol Abuse, Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction), False Statements, and not having resided in the US for three (3) of the past five (5) years

Benefits

Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
$500 wellness card for Health Coverage Participants
401(k) with 4% Company Match, vested from the first day of hire
Flexible Spending Account (FSA) & Dependent Care Account (DCA)
Life Insurance
Bonding Leave
Paid Volunteering Program
Bonus eligibility
Paid Time Off (PTO) inclusive of vacation, personal and sick time
Paid Holidays
Wellness Program
Employee Engagement Activities
Professional Development Opportunities
Tuition Reimbursement
Student Loan PayDown Program
Employee Referral program
Employee Assistance Program

Company

Center for Internet Security

The Center for Internet Security is focused on enhancing the cybersecurity readiness and response of public and private sector entities.

Funding

Current Stage
Growth Stage

Leadership Team

Kathleen Moriarty
Chief Technology Officer
Josh Moulin
Senior Vice President of Operations & Security Services
Company data provided by Crunchbase