Our client is looking for a Senior Cyber Security Incident Response Analyst. You will assist in responding to security incidents in a mission-critical production environment, such as investigating and remediating possible endpoint malware infections and mitigating threats such as unauthorized use, spam and phishing. You will coordinate response, triage and recovery activities for security events affecting the company's information assets. You will report to the Cyber Security Incident Response Manager.
5-7 years of Information Security or Incident Response related experience.
2+ years of hands-on experience in at least two of the following areas: security operations, incident response, network/host intrusion detection, threat response.
Bachelor's degree in Information Security, Computer Science, Information Technology or a related field, or equivalent work experience.
Demonstrated experience in handling security events in mission-critical environments; hands-on troubleshooting, analysis and technical expertise to resolve incidents and service requests.
Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting and security operations.
Good grasp of security incident response: the phases of a response, the distinction between vulnerabilities, threats and threat actors, Indicators of Compromise (IOCs), etc.
Experience analyzing system and application logs to investigate security issues and/or complex operational issues.
Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection).
Demonstrated experience using a SIEM (such as Splunk or LogRhythm) to investigate security issues and/or complex operational issues on Windows and Unix.
Strong knowledge of network protocols, operating systems (Windows, Unix, Linux) and databases.
Your Work Falls into Three Primary Categories:
Security Events and Incidents
Manage security events identified from the enterprise SIEM tool, threat intelligence, end-user notifications, etc. to determine the security risk and respond accordingly.
Coordinate response, triage and escalation of security events affecting the company's information assets and activities within the Incident Response team.
Categorize, prioritize and normalize each event to determine whether it meets the threshold of a potential incident, and declare an incident if required, following the documented process.
Communication and Collaboration
Collaborate effectively within Information Security with the Security Operations, Threat Intel, Forensics, Threat Detection and Vulnerability Management teams, as well as with external teams in various lines of business, to enable enhancements in Freddie Mac's security posture.
Present security analysis, action plans and risks to different audiences (business, technical and management), adjusting the delivery accordingly, using either structured presentations or ad-hoc briefings, and establish consensus.
Augment the Incident Response team to ensure 24/7 coverage and operations. Responsibilities will occasionally require working evenings and weekends, sometimes with little or no advance notice.
Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats; provide guidance to junior analysts on incident response activities.
Base Salary and relocation provided for this role.
Please email me your resume in Word format along with your contact information.