Cyber Security Incident Response
Posted on Nov 14, 2018 by Request Technology
I fortune 500 company is in need of a Cyber Security Incident Response Senior. This individual will be responding to Security incidents, such as investigating and remediating endpoint malware infections. Also, mitigating threats such as unauthorized use, spam, and phishing. This candidate needs to have at least 2 years of hands on experience with security operations, incident response, network/host intrusion detection, and threat response.
- Manage security events identified from enterprise SIEM tool, Threat Intelligence, end user notifications, etc. to determine security risk and respond accordingly.
- Categorize, prioritize, and normalize an event to determine if it meets the threshold of a potential incident and declare an incident, if required following documented process.
- Analyze and research known indicators of compromise (IOCs), correlate events, identify malicious activity, and take appropriate containment steps.
- Suggest and implement improvements in the environment (such as improving technical controls) and/or improve the incident response process.
- Present security analysis, action plan and risks to different audiences and adjust the delivery accordingly (business, technical and management) using either structured presentations or ad-hoc, and establish consensus.
- Augment Incident Response team to ensure 24/7 coverage and operations. Responsibilities occasionally will require working evenings and weekends, sometimes with little or no advanced notice.
- 5-7 years of Information Security or Incident Response related experience.
- 2+ years of hands-on experience in at least two of the following areas: security operations, incident response, network/host intrusion detection, threat response.
- Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience.
- Proven past experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.
- Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IOCs), etc.
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection).
- Demonstrated experience with utilizing SIEM (such as Splunk, LogRythm etc) in investigating security issues and/or complex operational issues on Windows and Unix .
- Strong knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
Request Technology - Craig Johnson
Request Technology - Anthony Honquest
Request Technology - Kyle Honn