

Basic Purpose:
Primarily focused on security operations, threat intelligence and incident response. Will respond to security alerts, perform threat hunting, and respond to and escalate critical alerts. Will help enhance and optimize the threat intelligence platform and incident response processes. Will also help with tuning and optimization of security events and alerts.
Experience/Skills:
· Must have proficiencies:
o Experience with, and advanced knowledge and understanding of, threat TTPs (tactics, techniques & procedures) and the MITRE framework
o Experience & advanced knowledge of threat hunting and incident response processes (identification of critical vs informational alerts)
o Experience in building detection use cases
o Experience using Splunk
o Understanding of User Authentication, Endpoint and Network / Firewall security events and baselining
· Desirable proficiencies:
o Carbon Black Endpoint Security
o Microsoft Defender Suite
o Email security tools like Avanan or Proofpoint
o Qualys
o MISP (Malware Information Sharing Platform)
Competencies:
· Must be security minded and well versed in security principles and best practices
· Professional security certifications are a plus (CISSP, GIAC, or relevant product certs)
· Ability to work effectively with limited direction and guidance
· Strong analytical, organizational and time management skills
· Ability to communicate clearly and effectively
Job ID: 149190443