The firm's Cybersecurity – Incident Response team is seeking an experienced security analyst to participate in the day-to-day operations of its incident response team. The incumbent will be responsible for analyzing security events, investigating potentially compromised endpoints, and driving security incidents to resolution. In addition, the incumbent will be responsible for proactively hunting for and analyzing unidentified threats in the environment. Other duties will consist of operationalizing new – and tuning existing – security alerts and use cases, assisting in developing and training junior staff, and working with business partners to identify and close gaps in visibility.
KEY RESPONSIBILITIES AND DUTIES:
- Minimize the dwell time of threat actors by monitoring, triaging, and responding to security events; maintaining thorough documentation in the case management system; and coordinating investigation and remediation of security incidents.
- Actively hunt for and analyze previously unidentified threats in the environment, with little to no direction; document indicators and other TTPs so that the identified threat actor activity can be detected going forward.
- Develop and maintain standard operating procedures, use cases, and other documentation to reflect day-to-day security operations.
- Train, mentor, and assist in the development of other security analysts within the Detection & Response Team.
- Provide 24/7 emergency response support in the event of security related incidents.
QUALIFICATIONS:
- Minimum 7 years of relevant IT work experience
- Minimum 5 years information security experience
- Experience working with common operating systems, specifically experience performing endpoint investigations and forensic examinations
- Experience in handling security incidents, to include endpoint forensics, network forensics, malware analysis, reviewing raw log files, data correlation, and analysis of disparate data sources (e.g. firewall, network flow, IDS, system logs)
- Experience with enterprise information security data management and log aggregation tools
- Experience performing root cause analysis, impact, and remediation in support of suspected intrusion or malware related incidents
- 5-8 years of information security experience; team lead and mentoring experience is preferred
- Bachelor's degree in computer science, information technology, or related field preferred, not required
- Industry-recognized information security certifications are preferred, but not required
- Must have strong verbal and written communication skills, with equally strong multi-tasking and documentation skills
- Experience creating new security alerts, reports, or other monitoring capabilities
- Experience with performing malware analysis (static properties and dynamic) and reverse engineering
- Solid experience with scripting languages such as (or similar to) Python, Perl, and Ruby
- Previous experience in other information security roles, such as penetration testing, vulnerability management, threat intelligence, content development, or risk management
- Must be able to proactively perform duties and responsibilities with minimal guidance