Cyber Incident Response Tier III Analyst jobs in United States

PingWind · 1 day ago

Cyber Incident Response Tier III Analyst

PingWind is seeking a Cyber Incident Response Tier III Analyst to support our VA customer. The role involves handling complex incident response tasks, conducting forensic analysis, and collaborating with various teams to enhance cybersecurity operations.

Cyber Security, Information Technology, Logistics
No H1B; Security Clearance Required

Responsibilities

In-depth forensics and root cause analysis for alerts and incidents
Handle Tier 2 ticket escalations by performing forensic root cause analysis and delivering actionable remediation recommendations and/or appropriate next steps
Perform post-incident analysis to ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned
Work with Watch Officers and Team Leads on an incident bridge, functioning as the SME for major incidents
Update playbooks based on incident trends and the outcomes of auditing tasks
Develop and operationalize advanced security analytic use cases to detect and respond to sophisticated cyber threats in real time
Create dashboards and reports from these trends and searches to present the findings clearly
Interface with the Cyber Detection Analytics (CDA) Team to recommend tuning based on findings
Support mentoring and training of junior analysts on alerts, playbooks, and tools
Perform real-time monitoring and triage of security alerts in cybersecurity toolsets, including SIEM and EDR
Accurately determine which alerts are false positives and which require further investigation and prioritization
Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents. Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent future occurrences
Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned. Collaborate with knowledge management teams to maintain up-to-date incident response playbooks
Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators. Clearly communicate technical information and incident-related updates to management and stakeholders
Identify and act on opportunities to tune alerts so the incident response team works more efficiently
Regularly monitor the performance of security analytics and automation processes, identifying areas for improvement and taking proactive measures to enhance their efficacy
Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes, including enrichment, containment, and remediation actions
Stay informed about the latest cybersecurity threats, trends, and best practices, and actively participate in cybersecurity exercises, drills, and simulations to improve incident response capabilities

Qualification

Incident Response, Cybersecurity Principles, SIEM, Forensics, Security Operations Center (SOC), Incident Handling Certifications, Analytical Skills, Communication Skills, Team Collaboration, Problem-Solving

Required

Ability to obtain Tier 4 / High Risk Background Investigation
Must currently have or be willing to obtain one of the following certifications (or equivalent): GIAC Certified Incident Handler (GCIH), EC-Council's Certified Incident Handler (ECIH), Incident Handling & Response Professional (IHRP), Certified Computer Security Incident Handler (CSIH), Certified Incident Handling Engineer (CIHE), EC-Council's Certified Ethical Hacker
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience)
5+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)
Work 100% on-site Tuesday through Saturday from 3:00 PM to 11:00 PM
A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure our SOC operates effectively in a high-pressure environment
Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools
Experience with enterprise ticketing systems like ServiceNow
Excellent analytical and problem-solving skills
Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight
Ability to learn and function in multiple capacities and learn quickly
Strong verbal and written communication skills

Preferred

Ability to investigate Indicators of Compromise (IOCs) using Splunk by correlating logs from multiple sources to detect, trace, and assess threat activity across the enterprise
Experience leveraging Microsoft Defender for Endpoint (MDE) to perform endpoint investigations, analyze process trees, and validate IOCs during active threat scenarios
Ability to remediate phishing incidents, including analysis of email headers, links, and attachments, identifying impacted users, and executing containment actions such as user lockouts, email quarantine, and domain blacklisting
Experience performing root cause analysis of PowerShell-based malware, using tools such as MDE advanced hunting (KQL) and Splunk to identify infection paths, attacker behavior, and persistence mechanisms

Benefits

Paid Federal Holidays
Robust Health & Dental Insurance Options
401k with matching
Paid vacation and sick leave
Continuing education assistance
Short Term / Long Term Disability & Life Insurance
Employee Assistance Program

Company

PingWind

PingWind specializes in cybersecurity, IT and management consulting with process improvement, logistic and supply chain operation services.

Funding

Current Stage
Growth Stage

Leadership Team

Luis Ibarra
Chief Technology Officer
Jackie Adams
CFO at Pingwind, Inc.
Company data provided by crunchbase