1002990 Senior Incident Response Analyst
As a senior member of the Cyber Engineering & Operations team, you are equally committed to safeguarding our data and to finding new and innovative ways to protect it in the future. The Sr. Incident Response Analyst will help develop a highly motivated team, laser-focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations.
You'll use your experience to give guidance, best-practice advice and support across all our business and portfolio companies. You'll work directly with management to lead incident response, risk reviews, vulnerability assessments, and the identification of threats. You'll assist in hardening our policies and identifying emerging trends to strengthen our strategic roadmap. You'll keep management and stakeholders in the loop with findings and trends, contributing to our extensive awareness and knowledge-sharing campaigns. As part of Advance's global team of technologists and innovators, your work will have a massive impact, both on us as a parent company and on our portfolio companies around the world.
This position is responsible for eyes-on-glass monitoring across our tech stack and for the resolution of security incidents. You will use defensive measures and information collected from a variety of sources to detect, analyze, and mitigate events that occur or might occur within the network, protecting information, information systems, and networks from threats. You will also be called on to guide and/or support some remediation efforts.
The candidate must have hands-on experience in incident response programs, vulnerability scanning, network engineering, threat analysis and security monitoring.
Primary Responsibilities:
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Identify false positives and false negatives from alerting
- Create and test new alerting opportunities based on analytical methods such as anomaly detection, or designed to detect specific malicious techniques
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Support all cybersecurity incident response efforts; assist with real-time security incident handling and tracking tasks (e.g., intrusion correlation/tracking, threat analysis, and direct system remediation) to support the Incident Response Team
- Collaborate with and support various internal technology teams and service providers on security-related issues, and provide guidance and recommendations as necessary
- Participate in security technology evaluation/selection processes and various security implementation projects as necessary
- Technical writing and creation of formal documentation such as architecture diagrams, technical designs, and SOPs
- Assist with the coordination involved in performing all forms of security testing, including penetration tests, compromise assessments and vulnerability scans
FOR IMMEDIATE CONSIDERATION
- Minimum of 3 years of experience working in a Security Operations Center functioning in a Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a large, mission-critical environment
- Knowledge of common network ports, protocols, and tools
- Experience in host forensics
- Experience with log analysis and security event correlation tools (e.g., Splunk Enterprise Security)
- Comprehensive understanding of regular expressions
- Experience supporting a heterogeneous environment: Windows, Mac, Cloud, etc.
- Experience effectively communicating event details and technical analysis to technical audiences within the global cyber organization and other technology groups
- Comprehensive understanding of network services, vulnerabilities and attacks
- Ability to capture, decode and perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
- Knowledge of how to troubleshoot basic systems and identify operating-system-related issues
- Experience reviewing raw log files, data correlation, and analysis (e.g., firewall, network flow, IDS, system logs)
- Comprehensive knowledge of network design, defense-in-depth principles and network security architecture
- Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Knowledge of Intrusion Detection System (IDS) tools and applications
- Experience with a scripting language such as Perl, Ruby, Python, or Bash
- Understanding of database structure and queries
- Knowledge of Windows/Unix ports, services and command line
- Skilled in network mapping and recreating network topologies
- Knowledge of TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
- Knowledge of common network tools (e.g., ping, traceroute, nslookup)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Experience with malware analysis / reverse engineering, with the ability to assist in static and dynamic analysis
Email your updated resume to Eric Anderson at ...@apexsystems.com with 'Sr. Incident Response Analyst' in the subject line.
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-###-####-6178.