Position Title: Incident Response Analyst
Schedule: 6am to 6pm CST (40 hours per week within this daily time range) + On-call rotation approx. every 6 weeks
Required Experience: 8 to 11 Years
Duration: Full-Time
Required skills:
- Extensive experience with all phases of incident response. 5+ years' experience performing complex incident investigations, including triage, containment, eradication, evidence collection, after-action reporting, and documentation.
- 5+ years' experience performing in-depth analysis of security logs and telemetry from a diverse range of sources, including endpoint, network, cloud, and e-commerce systems, to identify and contain security incidents.
- Strong experience and skills in performing incident triage and investigating attacks, malware, and suspicious activity at the process, command, and code level.
- Mastery of Network (TCP/IP), Linux, or Windows OS server infrastructure
- 10+ years of technology experience, 6+ years of information security experience
- Excellent English communication skills (written, verbal, and comprehension)
- Ability to work in an on-call rotation that covers a one-week period after normal business hours and on weekends. This requires after-hours work and being logged in and online within 15 minutes of an emergency page-out.
- Confident and energetic, with a driver and leader mentality
- Extremely detail-oriented
- Passionate about information security
- Good Judgement
- Proactivity
- Advanced problem solver
Experience:
- Cybersecurity expertise in incident response, monitoring and responding to security events and incidents using established processes, creating processes and procedures where none are already established.
- Experience with artifact identification outside of cybersecurity tools such as log analysis, malware detonation, and endpoint memory analysis.
- Mastery of one or more of the following: SIEM, firewalls, IDS/IPS, EDR, proxy, AV, DLP, UEBA, malware sandboxing and reverse engineering, or cloud security.
- Familiarity with common and emerging cyber-attack techniques, TTPs, and IOCs.
- Working in a SOC or providing incident support for a security team
- Leading multi-team incident investigations (must be comfortable in a facilitation role)
- Experience identifying and mitigating web application attacks, C2 beaconing, and/or DLP/data exfiltration.
- Log/protocol analysis, writing regular expressions (RegEx), and experience efficiently sifting through thousands of log entries to quickly pinpoint suspicious activity.
- Experience with searches in a SIEM (like QRadar or Splunk) and/or an EDR (like Carbon Black, CrowdStrike Falcon).
- Threat hunting in core security tools
Tool Experience:
- SIEM (QRadar, Splunk, Google SecOps, etc.)
- Google SecOps, DataDog and/or CrowdStrike Raptor query languages
- Packet/Protocol Analyzers (Wireshark, Fiddler, NetWitness Investigator, NetFlow Analyzer, etc.)
- Memory Analysis Tools (Memoryze, FTK Imager, DumpIt, WinPmem, etc.)
- Regex