What You'll Be Doing:

• Perform incident triage to include determining scope, urgency, and potential impact , and incident response actions to mitigate immediate/potential threats.
• Receive cases from the DETECT team and perform deep-dive investigations to determine root cause.
• Work with IT and other units as needed to resolve Incidents, acquire necessary details, and ensure the Incident has been documented appropriately
• Produce status updates on all open Incidents and Post-Mortem Reports as required
• Remotely access machines to conduct malware eradication and remove unauthorized software
• Correlate Incident data to identify specific risks and make mitigation recommendations
• Monitor external data sources (e.g., vendor sites, US-CERT) to maintain knowledge of threat condition and evaluate security issues that may have an impact on the enterprise
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and Intrusion Detection System [IDS] logs) to identify possible threats to network security
• Perform forensically sound collection/storage of digital evidence and maintain chain of custody
• Perform real-time Incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Process
• Track and document Incidents from initial detection through final resolution
• Write and publish Incident reports and recommendations for senior leadership
• Author SOC documentation including reports, procedures, policies, and playbooks
• Contribute to weekly/monthly/annual cybersecurity briefings
• Serve as technical expert and liaison to law enforcement personnel and explain Incident details as required
• Teach and mentor security apprentices in RESPOND skills
• Special Projects – Other duties as assigned by Supervisor
• Performs other responsibilities associated with this position as may be appropriate
• Experience creating consumable and relevant security reports from large amounts of data

What Required Skills You'll Bring:

• Bachelor's Degree in Computer Security, Computer Science, or another closely related IT discipline preferred (or equivalent experience)
• 8+ years (minimum of five years) in cyber security analysis or Incident Response in a Security Operations Center (SOC) or Computer Emergency Response Team (CERT) environment
• Advanced knowledge of operating in a SOC/CERT environment, knowledge of attacker methodology and penetration testing concepts, operating systems and system administration, enterprise environments, networking and network security.
• Advanced knowledge of scripting languages and syntax and of TCP/IP networking and network protocols
• Skilled in Incident Response actions such as system containment/isolation, eradication of threats from the environment, and restoration of business assets analyzing. Correlating information from multiple sources to determine event/incident root cause, scope, and impact.
• Experience with computer intrusion methodology and utilizing specialized analysis/investigation methodology, including forensic tools to acquire and examine evidence.
• Real-time network monitoring using Security Information and Event Management (SIEM) and Raw packet analysis (PCAP) and security appliances (Intrusion Detection System, Intrusion Prevention System, Firewalls, Proxies, etc.) to include how the devices work and associated limitations
• Understanding variety of network defense/monitoring tools in the context of an analyst

Licenses and Certifications:

• CISSP Certified Information Systems Security Professional Preferred
• CompTIA Advanced Security Practitioner (CASP) Preferred