Detection & Response Analyst

Work from home Full-time role Hiring

Summary: The Senior Detection and Response Analyst role provides ongoing support to the Regional Security Operations program. In this role the Detection and Response Analyst is expected to maintain effective 24x7 monitoring and detection services for internal and external clients.

Essential Functions:

  • Act as the point of escalation for all security incidents; provide expert level feedback regarding current monitoring and ways to improve it.
  • Ensure that the ID Analysts’ daily work activity is completed to the required quality levels and timelines by verifying that their responsibilities are executed in accordance with the expectations set by the ID Team Lead.
  • Triage security incidents and perform in-depth analysis using Cyber Threat Intelligence, intrusion detection systems, firewalls and other boundary protection devices.
  • Maintain an understanding of the overall threat landscape (cyber, malware, botnets, phishing, DDoS, physical).
  • Provide 24x7 coverage to support the RSOC services; participate in an on-call rotation.
  • Train and mentor team members within the Incident Detection Team.
  • Improve the effectiveness and efficiency of day-to-day operations.
  • Assist with service requests from customers and internal teams.
  • Assist with containment and remediation of threats during incidents. Use internal ticketing system to track investigated incidents and capture relevant details.
  • Support Incident Response efforts as needed, including providing counsel, working with the IR team, as well as other involved stakeholders within the organization and customers to drive forward remediation activities.
  • Conduct threat hunting activities based on internal and external threat intelligence.
  • Create and update daily and monthly reports.
  • Contribute to the creation of documentation to standardize processes and procedures, including playbooks to improve internal processes and procedures.
  • Use investigation findings to identify gaps and recommend security posture improvements.
  • Identify, recommend, coordinate, and deliver timely knowledge to support teams.
  • Other tasks and responsibilities as assigned by leadership.

Competencies:

  • Experience working with cyber security tools and software such as Sentinel, Splunk, ATP, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.
  • Excellent critical thinking, logic, and solution orientation; ability to learn and adapt quickly.
  • Ability to learn and operate in a dynamic environment.
  • Detail-oriented, with strong analytical and problem-solving skills.
  • Strong verbal and written communication skills.
  • Proficient with Microsoft Office (Word, Excel, PowerPoint) and documentation skills.

Other Duties:

  • Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Position Type/Expected Hours of Work:

  • This is a full-time position. Ability to work various 10-hour shifts, including weekends and holidays, supporting the 24x7 Cyber Fusion Center. Must be able to work both day and night shifts. Shifts rotate quarterly.

Travel:

  • This position may require 10% or less travel.

Required Education and Experience:

  • 2+ years of experience in Security Operations monitoring.
  • Experience with Security Operations processes, procedures, and services.
  • Advanced knowledge of network monitoring and network exploitation techniques.
  • Strong technical background in security, network, infrastructure, cloud, applications.
  • Knowledge of risk assessment tools, technologies and methods.
  • Experience with common attack vectors, including advanced adversaries (nation state/financial motivation).
  • Knowledge around common web application attacks including SQL injection, cross-site scripting, invalid inputs, and forceful browsing.
  • Knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Experience working with cyber security tools and software such as Splunk, ATP, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.
  • Technical certifications such as GCIA, GCFA, GCIH or CASP are a plus.
