Incident Response Analyst

Qualification

Good to have Licenses, and Certifications :

GSEC, GCIH, GCFE, GREM

CISSP or SSCP desired

Education

Possess a Computer Science Bachelors Degree or substantial equivalent experience

Experience :

• Some professional experience in information security with a Focus on incident response and forensics
• Foundational knowledge of IR concepts and best practices, including forensics and chain-of-custody
• Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT / BDS / EDR), and packet capture.
• Broad understanding of TCP / IP, DNS, common network services, and other foundational topics
• Working knowledge of malware detection, analysis, and evasion techniques
• Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware; Able to analyze suspicious websites, script-based and malware code
• Experience with vulnerability management tools such as Qualys, Nessus, or other vulnerability scanning discovery tools
• Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances
• Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS / IPS, SIEM, AV), to protect data and networks. Implement techniques to hunt for known and unknown threats based on available threat intelligence reports and knowledge of the attacker's TTPs
• Able to gather and analyze facts, draw conclusions, define problems, and suggest solutions
• Maintain critical thinking and composure under pressure
• Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
• Capable of assisting with the preparation of internal training materials and documentation
• Able to be productive and maintain focus without direct supervision
• Passionate in the practice and pursuit of IR excellence
• Can exhibit a disciplined and rigorous approach to incident handling
• Willing to accommodate shift-based work for a global organization
• Provide exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise
• Experience with digital forensics on host or network and identification of anomalous behavior on the network or endpoint devices. Familiar with host and network-based forensic tools such as EnCase, FTK, Sleuth Kit, X Ways, etc.

Know-how

• Demonstrates the ability to identify the real issue, and to anticipate requirements and potential consequences; distills a range of possibilities by thinking in a considered, prudent manner
• Has the capacity to take on new ideas and develop knowledge and think holistically about business and address media, analyst, employee, and client audiences.
• Able to move through a variety of tasks requiring different approaches, knowledge, and expertise, with the agility of mind and capacity for analysis and synthesis.