Incident Handler II

Location (State/Province): Utah
Branch/Office: SERVICE CENTER
Department: SECURITY OPERATIONS CENTER
City: ROY
Address: 4059 SOUTH 1900 WEST
Weekly Hours: 40 HR
Schedule: Mon-Fri
# of Openings: 1


Overview

This position is responsible for interfacing with users to assist them with reports of suspicious or malicious activity and serves as the first line of defense, including responsibility for identifying and responding to security threats. The role maintains responsibility for incident confirmation, response, data collection, investigation, and analysis. It leverages knowledge of computer and network architecture to provide analysis during investigations, identifying adversarial activity and methods for future detection and prevention. Investigations are completed using a combination of open source research, network and host forensic analysis, log review and correlation, and PCAP analysis. The role composes and presents reports on findings to leadership after intrusion incidents, and manages the incident lifecycle, ensuring all investigations are kept current and are completed.

Responsibilities

  • Understands SIRT functions and participates in analysis, containment, and eradication of cyber security events and incidents.
  • Handle cyber security incidents in accordance with the incident response program.
  • Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application and system logs, to identify possible threats to network security.
  • Analyze volatile system data. Collaborate with level one event handlers to improve prevention and detection methods.
  • Assist the Team Lead in working with the business and management to analyze current and emerging security risks and recommend security solutions and changes.
  • Perform network and system security testing to proactively identify security vulnerabilities and recommend/implement mitigation and remediation plans.
  • Assist the Team Lead in identifying advanced security systems and controls, and in monitoring and configuring security appliances.
  • Work with the Security Operations Team Lead and SIEM administrators to create processes that support the analysis of log files from a variety of enterprise-level systems and sensors, including individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs.
  • Provide advanced network event analysis and intrusion analysis for forensic purposes
  • Provide assistance in the implementation, maintenance, and monitoring of the information security program into in-scope operational areas (gap analysis, risk assessment, third party assessments, procedure/specification development, execution of recurring procedures, incident response)
  • Run incident response process including the use of forensic techniques, tools, and procedures
  • Troubleshoot complex systems and networking problems. Perform investigative research, analysis, and troubleshooting to identify, resolve, and report highly complex security issues.
  • May perform network and host-based penetration testing using internal and commercially available tools and/or coordinate and manage third-party penetration testing activities.
  • Perform in-depth forensic analysis on captured logs, network traffic collections, volatile memory, or host images to identify and trace breach indicators and develop actionable threat intelligence.
  • Forensically secure, preserve, and capture volatile or physical disk data from workstations, laptops, servers, and network infrastructure devices, ensuring that the evidential integrity of the data is not compromised.
  • Research and develop new procedures, scripts, tools, and techniques to continually refine and update our incident response processes.


Assumes responsibility for establishing and maintaining effective communication, coordination, and working relations with area staff and management

  • Keeps management informed of significant problems and of progress attained in reaching established objectives. Provides recommendations for establishing new and more effective programs and future equipment needs. Suggests related procedural changes
  • Assists and supports the rest of the team as needed
  • Prepares reports of activities, records, and other required documents
  • Attends and participates in meetings and committees as required
  • Works with server, desktop, and laptop administrators to ensure their systems are fully patched and follow established security hardening procedures


Assumes responsibility for related duties as required or assigned

  • Stays informed of changes in computer technology
  • Keeps work area clean, secure, and well-maintained
  • Completes special projects as assigned
  • Assists with security assessments of credit union systems
  • Assists with the security assessment of various software purchases, external vendors and technology service providers

Qualifications

Training/Education/Certification

  • Must have five to ten years’ experience in Information Security with a focus on Incident Response, Security Engineering, and/or Intrusion Detection.
  • Bachelor’s degree in computer science, engineering, or an equivalent combination of education and experience preferred.
  • Experience working in a Security Operations Center.
  • Must be goal-oriented, action-focused, pragmatic, and self-disciplined.


Certification(s) Preferred: two required (GCIH and one other analyst certification from the list below)

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Network Forensic Analyst (GNFA)


Requirements

  • Experience with log analysis, malware analysis, and forensic analysis.
  • Hands-on experience with security tools such as Splunk and network forensic and capture tools.
  • Knowledge of Windows system internals and the ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the Sysinternals suite or other live response tools.
  • In-depth technical knowledge of Mac OS X and Linux operating systems.
  • Experience administering or securing DB2, z/OS, Oracle, and SQL Server databases.
  • Scripting languages such as Python, Perl, or PowerShell and their use in forensic analysis and live incident response, or experience using other programming languages to develop software for host-centric, network-centric, or log-centric security analysis.
  • Splunk or similar SIEM experience from the perspective of creating searches and understanding how to pivot on data fields to follow an investigation.
  • Understanding of the APT Kill Chain.
  • Advanced networking skills are required, including WAN, wireless, firewall, VPN, proxy, and intrusion prevention.
  • Must have experience with analysis of network traffic and use of Deep Packet Inspection tools.
  • Experience with disk and memory forensic tools.
  • Solid understanding of Incident Response, the Cyber Kill Chain, Threat Modeling, and attack vectors.
  • Knowledge of web application vulnerabilities with the ability to triage/verify OWASP Top 10 issues.
  • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience troubleshooting day-to-day operational processes such as security monitoring, data correlation, and security operations.
  • Proven experience performing analysis of security events and incidents to determine root cause and provide resolution; working experience against advanced persistent threats.
  • Strong working knowledge of at least three of the following security tools: firewalls, IDS/IPS, server and network hardening, data loss prevention, forensics software, vulnerability management, website security, anti-spam solutions, host-based intrusion detection.
  • Ability to research policies, procedures, standards, and guidance, and apply them under specific conditions for the protection of information and information systems.
  • Ability to prepare and execute detailed computer system analysis, including interim and final reports and presentation of analysis data.
  • Technical knowledge and extensive implementation experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, and firewall architecture.
  • Assist in the troubleshooting and resolution of complex cyber security issues.
  • Provide independent, sophisticated analysis of potential malware and exploits.
  • Provide threat intelligence, research, and reporting on incident response and relevant cyber security threats.
  • Experience with SIEMs and/or event management tools.


Skills/Abilities

  • Strong analytical and problem-solving skills
  • Well organized, with good verbal and written communications skills
  • Ability to prioritize and plan projects effectively
  • Ability to assist others and share knowledge with other team members
  • Able to use PC, terminal keyboards, and various computer hardware
