Cybersecurity Incident Response Triage Analyst

The Work

The Cybersecurity Incident Response Junior Analyst and Triage Analyst role will work in the CIRT team in the CISO organization. This role works on a shift under the analysis and triage team lead to relate, scope, and triage alerts and notifications from the SIEM, security sensors, ticketing system, walk-ins, and phone calls. Requires technical understanding to collaborate with the incident response and operations teams to qualify events as relevant and determine true and false positives. Knowledge in incident response lifecycles, common 
cyber-attacks, and federal incident reporting requirements.

Primary responsibilities:

• Actively monitor and respond to cybersecurity incidents related to alerted policy violations
• Analyze and investigate incidents to determine their nature and scope.
• Coordinate with the lead and other Cybersecurity Incident Response Teams for effective incident resolution.
• Document incidents and response activities in detail.
• Stay updated with the latest cybersecurity threats and trends.
• Assist in developing and refining incident response strategies and procedures.
• Collaborate with operations teams, legal, human resources and management to investigate security issues and interview investigation subjects to determine true and false positives.

What you need

• US Citizenship required
• 1 - 2 years of experience in information security, or other equivalent combination of education or equivalent work experience.
• 1-year of experience performing event and log analysis including one or more of the following: Anti-Virus,
• Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data loss prevention tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
• Excellent written and oral communication skills, attention to detail, and interpersonal skills.
• Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software 
  packages.
• Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software 
  packages.
• Familiarity with TCP/IP, common application layer protocols, and packet analysis of the same.
• Familiarity with static and dynamic malware analysis concepts.
• Experience with indicators of attack and compromise.
• Familiarity with Windows / Linux architecture and endpoint analysis of the same.
• Familiarity with basic data parsing and analysis tools, i.e., Excel, grep, sed, awk, regex, etc
  
  

Bonus if you have

• SANs GIAC Certifications including but not limited to GCED, GCLD, GCIH, GCFA, GREM