Security Operation Center (SOC) Analyst L2

Saudi Arabia

Responsibilities:

• Investigate escalated security incidents.

• Check for false positives and duplicates.

• Provide communication and escalation throughout the incident per the CSIRT guidelines.

• Communicate directly with data asset owners and business response plan owners during high severity incidents.

• Hunt for suspicious or anomalous activity based on alerts or data outputs from various toolsets.

• Perform analysis of log files to collect more contextual information in order to triage the security threat.

• Provide forensics analysis and investigation.

• Drive the containment strategy during data loss or breach events.

• Triage and resolve advanced attack vectors such as botnets and advanced persistent threats (APTs).

• Work directly with data asset owners and business response plan owners during high severity incidents.

• Provide tuning recommendations to administrators based on findings during investigations or threat information reviews.

• Collect contextual information and pursue technical root cause analysis and attack method analysis.

• Determine whether to treat the alert as a security incident and assign a severity level.


Skills

Requirements:

• Bachelor's degree in Computer Science, Information Security, or related field.

• The candidate must have extensive experience in incident handling and reporting (at least 3 years in a similar role).

• Professional certifications related to incident response are preferred.

• Strong analytical and problem-solving skills.

• Knowledge of network security zones, firewall configurations, and IDS policies.

• Knowledge of systems communications from Layer 1 to Layer 7.

• Experience with Systems Administration, Middleware, and Application Administration.

• Experience with Network and Network Security tools administration.

• In-depth experience with log search tools and usage of regular expressions.

• In-depth knowledge of packet capture and analysis.

• Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat).

• Ability to create a containment strategy and execute it.


Publication date: 16 Jumada al-Awwal 1446 - today
Publisher: Bayt