Job Description - Information Security Incident Response Analyst Job Summary : The Incident Response Analyst will assist in creating follow the processes and procedures necessary for the detection, response and remediation of cyber related attacks on the enterprise. This role assists with the support of Incident Response related technologies such as Security Information and Event Monitoring (SIEM), data loss prevention (DLP), mail filter, web application firewall and related endpoint, mobile and cloud controls.
Principal Duties:
- Respond to security alerts from SIEM platform and perform alert investigations.
- Recommends a course of action on each alert.
- Provides support in the detection, response, mitigation, and reporting of real or potential cyber threats to the organization and assist in the automation of these processes.
- Maintains skills and capabilities required to support to maintain, process, and develop intelligence products that are actionable to internal SOC functions, Cyber Security stakeholders, and the business areas.
- Provide input for standard operating procedures, run books and related templates.
- Participate in tabletop exercises.
- Update the incident response plan and procedures based upon direction of others.
- Use SIEM platform and provide feedback.
- Test and validate general alerting use cases in SIEM.
- Interact with third party managed security service provider(s).
- Assist in day to day support of security controls managed by Incident Response team.
- Monitor for external threats and research proactive risk mitigation and response activities.
- Create the necessary interpersonal networks among information security and IT to perform job function.
- Support forensic investigations and data acquisition supporting legal holds.
Essential Functions:
- Strong written and verbal communication skills, interpersonal and collaborative skills.
- Knowledge of methodologies and trends in both information security and IT.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker, with strong problem-solving skills.
- Ability to participate in a project under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
- Maintain a working environment conducive to positive morale and teamwork.
- Ability to be on-call 24x7x365 rotation for information security incidents.
Basic Requirements:
- 6 months to 1 year of experience in a combination of information security and IT.
- Very basic understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
- Degree in technology-related field preferred, or equivalent work- or education-related experience.
- Pursuing professional security certification such as Certified Forensic Investigator (CFI), Certified Forensic Examiner (CFE), Certified Hacking Forensic Investigation (CHFI), GFCA Certified Forensic Analyst (GIAC) or other similar credentials.
- Introductory knowledge of incident response standards such as NIST 80-61, Computer Security Incident Handling Guide and ISO/IEC 27035:2016, information security incident management
- Introductory knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPSIDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
