This position will be responsible for interfacing with users to assist them with reports of suspicious or malicious activity and serve as the first line of defense, including maintaining responsibility for identifying and responding to security threats. Working with the Incident Handler II, this position will maintain responsibility for incident confirmation, response, data collection, investigation, and analysis. Leverages knowledge of computer and network architecture to provide analysis during investigations, identifying adversarial activity and methods for future detection and prevention. Uses a combination of open source research, network and host forensic analysis, log review and correlation, and PCAP analysis to complete investigations. Composes and presents reports on findings to leadership after intrusion incidents. Assists in the incident lifecycle, ensuring all investigations are kept current and are completed.
• Must have three or more years of relevant experience in IT security and networking
• Bachelor’s degree in computer science, engineering or equivalent combination of education and experience preferred
• Must be goal oriented, action-focused, pragmatic and self-disciplined
• Experience in a SOC environment including network monitoring
• Should possess in-depth knowledge and understanding of concepts, protocols, best practices and principles as a means of relating IT risk, IT audit, and compliance requirements to meet the needs of the business
Certification(s) Preferred: Currently hold one of the following
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensic Examiner (GCFE)
• Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations etc.
• Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution; working experience against advanced persistent threats
• Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
• Working knowledge of at least three of the following security tools: firewalls, IDS/IPS, server and network hardening, data loss prevention, forensics software, vulnerability management, website security, anti-spam solutions, host-based intrusion detection
• Ability to research policies, procedures, standards, and guidance, and apply under specific conditions for the protection of information and information systems
• Ability to prepare and execute detailed computer system analysis, including interim and final reports and presentation of analysis data
• Technical knowledge and implementation experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, and firewall architecture
• Provide independent, general analysis of potential malware and exploits
• Provide threat intelligence, research, and reporting on incident response and relevant cyber security threats
• Experience with SIEMs and/or event management tools
• Knowledge of Windows system internals and the ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility, HBGary Responder or other live response tools
• Dynamic and static malware analysis and sandboxing, with the ability to reverse engineer and debug malware samples using tools such as IDA Pro, Responder Pro or OllyDbg, including defeating anti-debugging, packing and obfuscation techniques
• Strong analytical and problem-solving skills
• Well organized, with good verbal and written communications skills
• Ability to prioritize and plan projects effectively
• Ability to assist others and share knowledge with other team members
• Able to use PC, terminal keyboards, and various computer hardware