Senior Incident Response Analyst

Position Summary

• As a member of the[Company] , the Senior Incident Response Analyst oversees the response activities for all computer related security incidents across the global computing environment. The Senior Incident Response Analyst performs tier-III investigation of suspicious activity, further triages and correlates incidents and adversary campaign activity, conducts in-depth technical analysis of network traffic and endpoint systems, and is responsible for bringing swift and accurate containment and remediation to security incidents with minimal disruption to business operations. This position is also called on to perform forensics analysis of systems, litigation support activities, and/or e-Discovery requests.
• Reporting to the Manager, IT SIRT, this position is responsible for
• Monitoring, analyzing, detecting, and responding to unauthorized activity within the global computing environment , and managing the identification, containment, eradication, and recovery of larger incidents.
• Coordinate activities with Security Operations Center Analysts and field site personnel, managing workflow and updating of Incident Management and trouble ticket systems, providing timely and accurate status updates of ongoing activities.
• Recommending short and long term adjustments to controls for immediate and future identification, containment and remediation. Provide direction on the tuning of signatures, rules, alerts, parsers, and custom scripts. Attending cyber security related events and networking with industry peers to inform engineering and operations processes of effective risk mitigation strategies for cyber-attacks.
• Working closely with other cyber threat analysis entities including local, state, and federal law enforcement organizations, intelligence communities, and other government entities to ensure rapid analysis and adoption of cyber threat intelligence into company detection and prevention systems.
• Contributing to IR process definition and the development and maintenance of documented procedures and techniques, including process integration with managed security service providers, 3rd party vendors, internal IT organizations, and business units.
• Please note, this position is open to telecommuting and can be based anywhere in the USA 

Minimum Qualifications: Education Requirements:

• Bachelors or equivalent experience; preferred Bachelor’s degree in Computer Science, Management Information Systems, Engineering, Mathematics or other related field.

Experience Requirements:

• Typically requires a minimum of 5 years of related experience.

Desired Qualifications:

• High aptitude for troubleshooting, with a background in enterprise IT operations (network, Wintel server, Unix server, desktop, applications, security) a plus.
• Experience working in a network security environment, such as a Security Operations Center (SOC), Security Incident Response Team (SIRT), or Computer Security Incident Response Center (CSIRC) investigating targeted intrusions through complex global network segments, preferred.

One or more of the following certification designations is preferred:

• GIAC Certified Intrusion Analyst – GCIA
• GIAC Certified Incident Handler - GCIH
• GIAC Certified Forensic Examiner - GCFE
• GIAC Certified Forensic Analyst - GCFA
• Certified Information Systems Security Professional - CISSP
• Other Technical Certifications considered
• U.S. Government Security Clearance, and/or capability to obtain clearance, preferred.