CSIRT Analyst/ SOC Analyst/Security Incident Analyst

29 Sep 2024
Georgia, Marietta, 30006 Marietta USA

As a member of Client's Cyber Security Incident Response Team (CSIRT), the Tier 2 Incident Analyst will coordinate the response activities for cyber security incidents across the Global company environment. The successful candidate will focus on reviewing, triaging, analyzing, and remediating cyber security incidents. The Tier 2 analyst is the escalation point for level one event analysts, and as such, will handle validated cyber security incidents, in accordance with the cyber security incident response process. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and will be responsible for rapid handling and mitigation of cyber security incidents.

The candidate will join a team of event analysts and incident responders, and will have an opportunity to participate in a number of Global cyber security initiatives. Successful candidates should be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues.

This position requires that the candidate be a .

1. MUST HAVE – 3-6 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments.
   a. Preference is true Incident Response experience, where the candidate has worked investigations related to enterprise network compromise.
2. MUST HAVE – Hands-on experience with security tools:
   a. Splunk – advanced Splunk query language, ability to create dashboards, does not need oversight in performing Splunk searches to support an investigation
   b. EDR experience (CrowdStrike or Carbon Black), including scripting, live host analysis, and extracting artifacts
   c. Ability to analyze PCAPs commonly pulled from Network Defense tools
3. MUST HAVE – Good written and verbal communication skills. Tier 2 analysts have to write investigation reports, which are often shared with auditors, regulators, and executive management.
4. MUST HAVE – In-depth knowledge of network protocols, enterprise architecture, and common network logging functions.
5. MUST HAVE – Experience with log analysis, malware analysis, and forensic analysis.
6. MUST HAVE – Functional knowledge of the MITRE ATT&CK framework.

• NICE TO HAVE – Threat hunting experience using long-tail analysis, least frequency of occurrence, and anomaly detection over large data sets
• NICE TO HAVE – Scripting experience (Perl, Python, PowerShell, bash, etc.)
• NICE TO HAVE – Attacker methodology, Red Team, penetration testing
• NICE TO HAVE – Bachelor’s degree in a technology field preferred
• NICE TO HAVE – SIEM experience, specifically with Splunk ES and/or QRadar
• NICE TO HAVE – In-depth malware analysis and working knowledge of Windows assembly code (artifact collection, disassembly, identifying execution, persistence, and network connections)

Job Details

  • ID: JC46080519
  • State: (not given)
  • City: (not given)
  • Job type: Permanent
  • Salary: $100,000 - $115,000
  • Hiring Company: ApTask
  • Date: 2022-09-09
  • Deadline: 2022-11-07
  • Category: (not given)