Responsibilities

📍Investigate alerts, triage, deep dive and come up with proper action items and remediation plans. 📍Perform host-based analysis, artifact analysis, and malware analysis in support of security investigations and incident response. 📍Coordinate investigation, containment, and other response activities with business stakeholders and groups 📍Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement. 📍Recommend or develop new detection logic and tune existing sensors/security controls. 📍Work with security solutions owners to assess existing security solutions ability to detect/mitigate the above mentioned TTPs. 📍Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against the company network.

Minimum Requirements

📍3+ years experience working in an Incident Response/Cyber Security Operations Center (in-house or outsourced) creating, escalating, and managing security incidents and creating incident reports. 📍Managing low to high-risk cybersecurity events, alerts, and incidents, event monitoring, and analysis, and responding to and escalating IT/DevOps security events and threats and vulnerabilities. 📍Collaborating with stakeholders to drive incident response and remediation. 📍Development of common runbooks for most frequent or critical incident types. 📍3+ years of working with security tools such as SIEM, Analytics & Intelligence, Intrusion Detection, Malware detection, Data Loss Protection, and Identity & Access Management 📍Solid understanding of system and security controls on at least two OSs (Windows, Linux / Unix, and MacOS (Advantage), including host-based forensics and experience with analyzing OS artifacts. 📍Problem solver, an in-depth thinker with a growth mindset. 📍Excellent communication skills and ability to work collaboratively with other teams