a Snapshot Of Your Responsibilities

📍Provide incident response and be a key point of contact during all incidents. The analyst will own the incidents from start to finish, which includes investigation, correlation, triage, response, mitigation, ticketing, documentation, postmortem analyses and forensic analysis 📍 Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS solutions for incidents, threat hunt for malicious activity, triage as needed on a 24x7 basis and continuously tune rules to reduce false positives 📍 Grow and mature our threat intelligence program - gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment 📍 Enhance our detection capabilities with correlation, situational awareness and intel enrichment 📍 Develop strategies to detect new threats as they emerge, including those from the most sophisticated threat actors 📍 Apply knowledge of monitoring, analyzing, detecting and responding to cyber events to develop clever, efficient methods for the SOC to handle all incident types and to weaponize our threat hunting capabilities 📍 Assist in the tuning of EDR/IDS/IPS solutions to improve detection, reduce noise, add IOAs, etc. 📍 Document playbooks and train other team members on new IR processes 📍 Provide integral feedback and guidance on the integration of new playbooks, use cases and workflows to be adopted across the entire InfoSec team, as well as other parts of the organization 📍 Work with developers on the InfoSec team to build security automation workflows, enrichments and mitigations 📍 Evaluate SOC policies and procedures and recommend updates to management as appropriate 📍 Work with the security engineering team to improve tool usage and workflows, as well mature monitoring and response capabilities.

What You Will Need

📍Experience working in cybersecurity operations and incident response, to include utilizing Security Information and Event Management (SIEM) platforms, Intrusion Detection/Prevention Systems (IDS/IPS), and Vulnerability Management and Threat Intelligence applications 📍 3+ of the following certifications: CEH, CISM, GIAC, GCIH, GCIA, GSLC, GICSP, GSEC, CEH, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, etc. 📍 Proficient operator of security tools such as end point protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, Networking, firewalls, WAFs, Edge/endpoint security, DNS security, layered security, defense in depth practices, vulnerability scanning, malware analysis tools, networking tool for full packet analysis, data encryption, data loss prevention, etc. 📍 Forensics and/or malware analysis experience is a plus, which includes hands-on experience completing malware analysis, memory analysis and disk forensic 📍 Programming/scripting experience (bash, python, PowerShell) 📍 Linux/Unix OS, Windows and Mac administration skills 📍 Intimate understanding of technology and be motivated to constantly learn new technologies 📍 Strong ability to learn and research new things, including tools, languages, frameworks, etc. 📍 Excellent verbal and written communication skills 📍 Collaborative mindset that thrives in fast paced environment