Computerworld · 2 days ago
Incident Response Analyst
Responsibilities
Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident.
Communicate and coordinate with internal and external teams during incidents and breaches.
Design, implement, and document IR processes, procedures, playbooks, and guidelines.
Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident.
EDR/IDS/IPS
NDR/Network
Identity Provider (IdP) authentication policies
Email defense platforms
Integration of threat intelligence feeds with security policy enforcement points
SIEM and XDR detections
Security orchestration, automation, and response (SOAR) playbook development
Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threats.
Document specifications, playbooks, and detections - not as an afterthought, but through the whole process.
Work with developers to build security automation workflows, enrichments, and mitigations.
Evaluate policies and procedures and recommend updates to management as appropriate.
Qualification
Required
Bachelor’s degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
Four or more years in an incident response role required
Experience in malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, and leading incident handling preferred
Proficiency in programming and scripting languages, preferably Python and PowerShell
Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors
Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing
Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks
Continually updated understanding of and ability to identify, capture, contain, and report malware
Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards
Motivation to continually improve the incident response program and associated policies and procedures
Identification of opportunities to improve collaboration and communication with internal and external stakeholders to mitigate incidents and follow protocols
On-call availability on nights and weekends based on response SLA requirements
Curiosity and tenacity as related to forensic investigations and threat hunting
Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required
Willingness and experience in supporting people from a variety of backgrounds and areas across the organization
Understanding of common attacker types and motivations (e.g., nation-state sponsored actors, ransomware gangs, script kiddies, insider threats)
Familiarity with and experience working within security frameworks such as NIST SP 800-61, the attack lifecycle, SANS Security Controls, MITRE ATT&CK, the kill chain, and the OWASP Top 10
SANS Security 500 Series or other industry standard equivalent recommended but not required
Public Trust
Must be a U.S. Citizen
Preferred
Scripting and automation for use in SOAR is a plus
Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA, GIAC, Splunk Core, OSCP, SANS Security 500 Series, or other industry standard equivalent