In this role, you will join an advanced threat detection and response team, drive proactive identification of threats within the organization, provide rapid response, monitor user activity, network events, and signals from security tools to identify events that merit attention.
Prioritization. and Investigation. Ideal candidate has cyber security experience, hands-on technical skills on Windows, Linux and Network security, along with experience in identifying live intrusions and triage security events in real-time.
Review security alerts and evaluate urgency and relevancy
Perform initial security investigation and triage
Follow runbook for incident escalation
Request or run vulnerability scan and review the assessment report.
Manages and configures security monitoring tools.
Ability to backfill other security roles as required.
5+ years of overall IT experience.
3+ years with IT Security Teams.
Windows and Linux experience.
Working experience with SIEM solutions (QRadar, Splunk, Elastic Security).
Previous work experience with the various phases of security incident response.
In-depth understanding of the types of events of interest in electronic logs.
Deep understanding of cyber defense principles, common attack vectors, incident response methodologies, log analysis and attacker techniques.
Strong familiarity with best practices related to security incident response activities and protocols, including litigation holds, chain of custody, and playbooks.
Desired Certifications (Any of the following)
GCTI (GIAC Cyber Threat Intelligence)
GSEC (GIAC Security Essentials)
CEH (Certified Ethical Hacker)
SANS Security SEC401