Provide in-depth analysis, response and remediation of cyber incidents and determine the course(s) of action to contain and eradicate threats
Provide independent thinking and real-time decision making to diagnose and analyze high-severity escalated incidents, ensuring timely response and remediation
Perform in-depth analysis, monitoring, research, assessment and recommendations on intrusion detection and prevention tools, anomaly detection systems, firewalls, antivirus systems and proxy devices
Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions
Leverage commercial and open source tools to quickly analyze, detect, and respond to cyber security incidents
Develop and maintain documentation of more complex threats and incidents to enhance event monitoring and incident response function and cyber tools
Develop internal documentation, such as detailed procedures, playbooks, and operational metrics reports to improve overall response times
Experience:
Knowledge of operating systems and networking
5+ years of experience with security architectures, devices, proxies, and firewalls
4+ years of experience with security tools related to enterprise log management, IDS/IPS, antivirus, firewalls, proxies, DLP, forensic analysis and SIEM solutions
Experience in analyzing security event logs and correlating events
Ability to identify gaps in security monitoring and drive process improvements
Effective verbal and written communication skills
Experience in performing intrusion analysis and forensics in cloud environments
Effective skill in presenting findings, conclusions, alternatives and information clearly and concisely
Able to work collaboratively with others on time sensitive incidents
Experience in host and network-based forensic/malware analysis
Thorough understanding of the MITRE ATT&CK framework
Education:
GCIA, GCIH, Security+ or comparable Information Security certifications
Working knowledge of IT security standards and frameworks, including ISO and NIST