Senior Cybersecurity Analyst


The Role

The Senior Cyber Security Analyst will lead the investigations of escalated security incidents based on the tiered Incident Response approach. The primary purpose of this position is to serve as an expert in providing technical analysis, assessment and mitigation recommendations for escalated security incidents where deep technical knowledge is required.

  • Ensure timely response to any cyber incident to minimize risk exposure and production down time
  • Conduct incident response activities, including advanced investigation (forensic analysis to include evidence seizure and malware analysis) to investigate potential security incidents
  • Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident
  • Analyze and correlate incident data to develop a preliminary root cause and corresponding remediation strategy
  • Evaluate target systems to analyze results of scans, identify and recommend resolutions
  • Utilize incident response playbooks to follow established and repeatable processes for triaging and containment of an incident
  • Provide timely, comprehensive and accurate information to the CSIRT Manager in both written and verbal communications
  • Advise junior CSIRT team members on the technical steps to take to investigate and resolve cyber security incidents
  • Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats

The Requirements

  • Minimum of ten (10) years of experience in the Cybersecurity field
  • Minimum of five (5) years of Information Technology experience with Windows OS platforms
  • Minimum of five (5) years of experience as a Level 2 (or above) Cyber Security Incident Response Analyst performing incident handling, forensics, sensor alert tracking and cybersecurity incident case management
  • Minimum of five (5) years of experience working with security technologies such as IDS/IPS, firewalls, SIEM, network packet analyzers, antivirus, network behavior analysis tools, malware analysis, DLP, endpoint protection, log collection and analysis
  • Strong working knowledge of security relevant data, including network protocols, ports and common services such as TCP/IP protocols and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, etc.)
  • Knowledge of the Computer Security Incident Handling Guide, NIST 800-61 r2
  • Professional certifications commensurate with experience, e.g. GCFA, GCIH, etc.
  • Hands on experience with scripting languages such as Python, Perl, Bash, PowerShell or similar
  • Knowledge of privilege escalation, persistence and lateral movement techniques
  • Knowledge of common malware and exploit tools and techniques
  • Minimum of five (5) years of experience with chain of custody, forensic tools and methodologies
  • Knowledge of Cloud security and incident response in a Cloud environment
  • Understanding of the Kill Chain and Diamond Method of Analysis
  • Ability to communicate technical details in writing and verbally to non-technical and junior CSIRT team members
  • Experience in developing and maintaining Run-Books
  • Strong critical thinking and analytical problem-solving skills
  • Ability to work and communicate within a global team environment
Posted: July 7, 2018