• Incident Handler I

    Branch/Office
    SERVICE CENTER
    Department
    SECURITY OPERATIONS CENTER
    City
    ROY
    Address
    4059 SOUTH 1900 WEST
    Position Status
    40 HR
    Schedule
    Mon-Fri
  • Overview

    This position will be responsible for interfacing with users to assist them with reports of suspicious or malicious activity and serve as the first line of defense, including maintaining responsibility for identifying and responding to security threats.  Working with the Incident Handler II, this position will maintain responsibility for incident confirmation, response, data collection, investigation, and analysis. Leverage knowledge of computer and network architecture to provide analysis during investigations, identifying adversarial activity and methods for future detection and prevention. Use a combination of open source research, network and host forensic analysis, log review and correlation, and PCAP analysis to complete investigations. Compose and present reports on findings to leadership after intrusion incidents. Assists in the incident lifecycle, ensuring all investigations are kept current and are completed.

    Responsibilities

    • Monitors SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises
    • Escalates cyber security events according to runbooks and standard operating procedures (SOPs)
    • Documenting event analysis and writing comprehensive reports of incident investigations
    • Proactively provide feedback on SOC operational processes and procedures
    • Participate in after hours on-call rotation when required
    • Routinely checks various log sources and network monitoring tools for indicators of a security incident, events and alerts.
    • Develops automated scripts and tools to handle and track vulnerability remediation efforts.
    • Conduct routine assessments for rogue or unauthorized wireless access points / devices.
    • Monitors industry sources for emerging security risks, defenses, and best practices.
    • Problem resolution, including ownership through resolution
    • Assists other Systems Administrators and Help Desk staff as required
    • Systems design and specifications for hardening and security baselines
    • Intrusion Detection and Threat Vulnerability management
    • Knowledge of network troubleshooting and management tools
    • Manage and support the security technologies within the team’s jurisdiction
    • Research, design, participate in or lead the implementation of low to moderate complexity security initiatives.
    • Monitor compliance and adherence to security policies and assist with violation investigations.
    • Provide support and evidence collection for internal and external audits.
    • Monitoring and processing of configuration change requests and service desk tickets.
    • Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to networks and systems.
    • Assist in the evaluation of the type and severity of security events.
    • Resolve issues by taking the appropriate remediation action or by following escalation procedures.
    • Conduct forensics investigations as required.

    Qualifications

    Training/Education/Certification
    • Must have three or more years of relevant experience in IT security and network
    • Bachelor’s degree in computer science, engineering or equivalent combination of education and experience preferred
    • Must be goal-oriented, action-focused, pragmatic and self-disciplined.
    • Experience in a SOC environment including network monitoring
    • Should possess in-depth knowledge and understanding of concepts, protocols, best practices and principles as a means of relating IT risk, IT audit, and compliance requirements to meet the needs of the business

     

    Certification(s) Preferred: Currently hold one of the following
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Intrusion Analyst (GCIA)
    • GIAC Certified Forensic Analyst (GCFA)
    • GIAC Certified Forensic Examiner (GCFE)

     

    Requirements
    • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations etc.
    • Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution; working experience against advanced persistent threats
    • Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
    • Working knowledge of at least three of the following security tools: firewalls, IDS/IPS, server and network hardening, data loss prevention, forensics software, vulnerability management, website security, anti-spam solutions, host-based intrusion detection
    • Ability to research policies, procedures, standards, and guidance, and apply under specific conditions for the protection of information and information systems
    • Ability to prepare and execute detailed computer system analysis, including interim and final reports and presentation of analysis data
    • Technical knowledge and implementation experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, and firewall architecture
    • Provide independent, general analysis of potential malware and exploits
    • Provide threat intelligence, research, and reporting on incident response and relevant cyber security threats
    • Experience with SIEMs and/or event management tools
    • Windows system internals and ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility, HBGary Responder or other live response tools
    • Dynamic and static malware analysis and sandboxing with the ability to reverse engineer and debug malware samples using tools such as IDA Pro, Responder Pro or OllyDbg, including defeating anti-debugging, packing and obfuscation techniques.

     

    Skills/Abilities
    • Strong analytical and problem-solving skills
    • Well organized, with good verbal and written communications skills
    • Ability to prioritize and plan projects effectively
    • Ability to assist others and share knowledge with other team members
    • Able to use PC, terminal keyboards, and various computer hardware
