Description

Sr. Cybersecurity Analyst - Incident Response The level 3 (Senior) Cybersecurity Operations Analyst role will be focused primarily building new capabilities and enhancing existing controls in order to further protect the assets and data that we uses to perform business around the world. Incident Management / Response Maintain, Monitor, Develop and support SOAR incident management platform. Perform analysis of escalations from analysts and work to identify process changes and/or automation to increase the efficiency of incident response. Review and analyze all security solutions currently deployed on endpoint assets (workstations and servers) Review and analyze all security solutions to ensure necessary and relevant data is being captured, reviewed, and retained to allow L1-L3 analysts to perform analysis and action effectively Implement security solutions allowing for reduction of agents where possible Identify & implement automation capabilities to reduce the human touchpoint when operational issues occur Build documentation and playbooks for strong processes to support the security posture on systems. Develop and update procedures, and configure tools for security analysts to use. Handle high and critical severity incidents as described in the incident response plan documentation. Create filters, data monitors, dashboards, and reports within case management and monitoring solutions for use by various audiences. Work with L1/L2 analysts and system owners to contain intrusions and recover compromised systems. Partner with other stakeholders to ensure that solutions are improved upon post implementation Architecture Continuous review of the capabilities and configuration of existing security stack managed by Cybersecurity Operations team. Provide input to Design, develop, and implement technical solutions to mitigate security risks. Advise and or create and maintain security policies, standards and procedures for the Cybersecurity Operations team. Provide input \analysis of new security technologies and their applicability to our environment. Education Bachelors Degree, or regional equivalent education required, preferably in a related discipline, such as Cybersecurity, Information Systems, or Computer Science SANS training a plus Additional cybersecurity-focused certifications are a plus (ex. Security+, GSEC, GMON, GDSA, GCDA, CISSP) Experience 5-8 years related professional experience Language Skills English (fluency in reading, writing and speaking) All others are a plus Certifications Security Orchestration, Automation and Response (SOAR) certifications a plus CrowdStrike CCFA/CCFR a plus Elastic Engineer I/II a plus Additional skills Experience with PowerShell / Python scripting for automation and integration Strong experience managing cases with enterprise SIEM systems Experience using the Elastic stack preferred, specifically for security use cases Strong experience managing cases with enterprise SIEM systems Experience using the Elastic stack preferred, specifically for security use cases Experience using Palo Alto XSAOR (Demisto) is a plus Experience with host and network-based security tools desired Non-administrative experience with CrowdStrike Falcon is a plus Experience with identity-based security tools a plus Experience with developing security policies, standards, and procedures Experience using event escalation and reporting procedures a plus Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies Knowledge of cyberattack techniques and tools Ability to learn and operate in a dynamic environment Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly Strong oral and written communication skills Ability to manage simultaneous multiple complex tasks and to bring activities to closure Familiarity with global regulations as well as common IT frameworks and standards (ex. NIST)

Role and Responsibilities

• Sr. Cybersecurity Analyst - Incident Response The level 3 (Senior) Cybersecurity Operations Analyst role will be focused primarily building new capabilities and enhancing existing controls in order to further protect the assets and data that we uses to perform business around the world. Incident Management / Response Maintain, Monitor, Develop and support SOAR incident management platform. Perform analysis of escalations from analysts and work to identify process changes and/or automation to increase the efficiency of incident response. Review and analyze all security solutions currently deployed on endpoint assets (workstations and servers) Review and analyze all security solutions to ensure necessary and relevant data is being captured, reviewed, and retained to allow L1-L3 analysts to perform analysis and action effectively Implement security solutions allowing for reduction of agents where possible Identify & implement automation capabilities to reduce the human touchpoint when operational issues occur Build documentation and playbooks for strong processes to support the security posture on systems. Develop and update procedures, and configure tools for security analysts to use. Handle high and critical severity incidents as described in the incident response plan documentation. Create filters, data monitors, dashboards, and reports within case management and monitoring solutions for use by various audiences. Work with L1/L2 analysts and system owners to contain intrusions and recover compromised systems. Partner with other stakeholders to ensure that solutions are improved upon post implementation Architecture Continuous review of the capabilities and configuration of existing security stack managed by Cybersecurity Operations team. Provide input to Design, develop, and implement technical solutions to mitigate security risks. Advise and or create and maintain security policies, standards and procedures for the Cybersecurity Operations team. Provide input \analysis of new security technologies and their applicability to our environment. Education Bachelors Degree, or regional equivalent education required, preferably in a related discipline, such as Cybersecurity, Information Systems, or Computer Science SANS training a plus Additional cybersecurity-focused certifications are a plus (ex. Security+, GSEC, GMON, GDSA, GCDA, CISSP) Experience 5-8 years related professional experience Language Skills English (fluency in reading, writing and speaking) All others are a plus Certifications Security Orchestration, Automation and Response (SOAR) certifications a plus CrowdStrike CCFA/CCFR a plus Elastic Engineer I/II a plus Additional skills Experience with PowerShell / Python scripting for automation and integration Strong experience managing cases with enterprise SIEM systems Experience using the Elastic stack preferred, specifically for security use cases Strong experience managing cases with enterprise SIEM systems Experience using the Elastic stack preferred, specifically for security use cases Experience using Palo Alto XSAOR (Demisto) is a plus Experience with host and network-based security tools desired Non-administrative experience with CrowdStrike Falcon is a plus Experience with identity-based security tools a plus Experience with developing security policies, standards, and procedures Experience using event escalation and reporting procedures a plus Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies Knowledge of cyberattack techniques and tools Ability to learn and operate in a dynamic environment Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly Strong oral and written communication skills Ability to manage simultaneous multiple complex tasks and to bring activities to closure Familiarity with global regulations as well as common IT frameworks and standards (ex. NIST)