Title: Sr. Cyber Security Analyst
We are seeking a Sr. Cyber Security Analyst for a very important client.
The candidate will join the Cybersecurity Operations Team as an Incident Response Analyst. SecOps is responsible for responding to computer-based attacks as well as other computer-related investigations. The Sr. Cybersecurity Analyst will leverage their knowledge of enterprise systems, cybersecurity, attack methods and forensic techniques to respond to escalated incidents. The Sr. Cybersecurity Analyst will use a comprehensive set of cybersecurity and forensic tools to complete investigations of cyber-attacks.
Investigate escalated incidents using all available information from IT systems and security systems such as OS logs, application logs, firewall, IPS, sandboxing, host security, network devices, vulnerability management, compliance management, DLP and network forensics.
Follow standard incident response phases: prepare, identify, contain, eradicate, recover, lessons learned.
When required, coordinate efforts among Legal, Human Resources, Corporate Compliance, law enforcement, outside information security emergency handling agencies.
Participate in on-call rotation.
Lead the forensic investigation efforts and the post mortem sessions for cybersecurity incidents.
Use enterprise and host forensic tools to perform detailed investigations of computer-based incidents.
Identify and document malware artifacts.
Document indicators of compromise for use in future detections.
Collect and preserve evidence following industry best practices and established procedures.
When required, work closely with Law Enforcement Agencies (LEA).
Use investigation findings to recommend security posture improvements.
Maintain knowledge of the latest threats.
Continually learn new technology and best practices for incident response.
Develop and deploy new procedures and techniques to improve the incident response process.
Evaluate and recommend new technology in computer forensics and related areas.
Resolve complex issues in creative and effective ways that safeguard and protect the Company’s information assets and IT infrastructure from sophisticated threats and exploits.
The ideal candidate will possess the following qualifications:
Five or more years’ experience in Incident Response or Computer Forensics.
Experience reviewing alerts and log data from a wide variety of sources.
Experience conducting forensics on Windows, OSX and Linux based systems.
Understanding of how systems get infected and common malware behavior.
Ability to clearly document investigative findings.
Ability to interact with executives in a professional manner on sensitive investigations.
Knowledge of legal and regulatory requirements for financial services.
Experience investigating account takeover and other attacks against web-based services.
Knowledge of a wide variety of enterprise-wide IT systems such as operating systems, directory services, cloud services, mobile device management, virtualization, network devices, web servers, databases and firewalls.
Scripting experience using Python.
Mac and Linux forensics.
Using large data sets to hunt for security issues.
Forensic or computer security related certifications such as: ENCE, ACE, GCFA, GCIA, GCIH, GNFA, CISSP.