The Incident Response Analyst uses the organization's security tooling to investigate and respond to security incidents. The IR Analyst is a subject matter expert in Incident Management and Response and interacts with other teams to enable escalation and remediation as needed.
Using various Threat Intelligence sources, as well as security tools, the IR Analyst can effectively prioritize and eradicate any active threat and vulnerability.
The Incident Response Analyst documents policies and processes related to Incident Management, and keeps them current.
The IR Analyst keeps track of activities and progress on incident tickets.
- The main focus for the position is Incident Response, but a strong knowledge of various security tooling, systems in the cloud, on-prem systems and networking is required, at least on a conceptual level.
- Coordinates and assists in the review, monitoring and/or auditing of applicable daily security log activity and events. Takes action as necessary and escalates to senior staff if required. Logs could include, but are not limited to, the following:
  - Vulnerability Scans – Kubernetes/Containers
  - Vulnerability Scans – Database
  - Vulnerability Scans – PCI ASV
  - Active Directory Changes
  - User Activity
  - Netflow Analytics
  - Firewall and ACL Changes
  - DAST Scan Results (e.g. Acunetix, Burp Suite, Nessus, etc.)
  - Group Policy Changes
  - Cloud security tooling
- Where needed, update or create documentation for the overall Incident Management Program and for the use of security tools (e.g. SOPs, architecture documentation, ...).
- Support our compliance programs (such as PCI) by helping to implement and document controls and by examining evidence for compliance with standards.
- You have experience with Blue Team exercises (Red Team / Purple Team experience is a plus).
- Knowledge of Forensics is a plus.
Knowledge, Skills and Abilities:
- Possess an understanding of PCI Compliance and EU GDPR Requirements
- Strong knowledge of multiple security tools for both Cloud and On-Prem scenarios.
- Good knowledge of AWS (Amazon Web Services), GCP (Google Cloud Platform), Azure, or other cloud platforms and related technologies is strongly desired.
- Strong knowledge of SIEM, such as Splunk, and related tooling and automation.
- Provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high profile projects.
- Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance.
- Demonstrable experience with integration in Splunk or other SIEMs for various security tools.
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties,…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy (GPO), Microsoft Windows Server and Desktop operating systems, Linux, ...
- Strong work ethic, including consistent documentation and tracking of activities.
- Ability to work in a fast-paced, rapidly changing environment and a strong desire to learn.
- You are a self-starter and require only minimal guidance to get results.
- This position may require on-call activities at off-hours.
Generally requires experience in the following:
- 3-5 years' experience in information systems as a system administrator or engineer, cloud administrator, network administrator or security engineer, with at least two of those years spent in direct incident response / incident management duties.
- Experience with cloud, systems, and network security
- Experience with containers (Docker, Kubernetes, …) strongly desired
- Experience with various tooling in the Information Security space
- Experience working with, and setting up alerts and queries in Splunk or other SIEM tools
- Knowledge of IT/Information Security Audit and assessment.
- Knowledge of PCI DSS and EU GDPR
- Knowledge of researching, analyzing and recommending information security solutions.
- A working knowledge of information security practices and concepts, including intrusion detection/prevention, access controls, risk analysis, vulnerability scanning, and data encryption.
- Strong organizational, excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.
- Bachelor’s Degree in Information Technology, Information Security, Computer Science, or related field required.
- Advanced industry certification strongly desired, e.g. SANS GIAC, CompTIA Security+, CISSP, CISM, GIAC Certified Incident Handler (GCIH).