The focus of the CSIRT Threat Analyst I is to proactively investigate security events in an effort to identify artifacts of a cyber-attack.
They will also be expected to participate in several different areas within the Security Operations and Incident Response process;
these activities can include digital forensics, use case development, security control testing, and hunt plan development.
The CSIRT Threat Analyst I will use data analysis, threat intelligence, and cutting-edge security technologies. Working within the Security Operations team, the CSIRT Threat Analyst I is responsible for reviewing system log events and data packets to proactively detect advanced threats that evade traditional security solutions.
The purpose of the Cybersecurity Analyst III position is to support the Incident Response and Threat Intelligence group program for the company.
The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences.
Participate in the Cyber Security Incident Response Team (CSIRT). Help CSIRT to employ strategy, standards, processes and technology to detect, respond to and recover from security incidents, and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
Track threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs)
Capture intelligence on threat actor TTPs / IOCs and coordinate with SecOps pods to develop countermeasures
Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities.
Ability to analyze data and communicate malicious behavior discoveries to non-technical consumers.
Investigate, triage, contain, and mitigate cybersecurity alerts and incidents using various cyber security tools such as EDR, SIEM and CASB.
Determine nature and scale of threats and provide recommended containment actions
Create and tune data models and/or SIEM alerts for automated response orchestration and systemic improvement
Assist in Use Case Roadmap development and Use Case validation
Review threat intelligence reports and feeds, and make recommendations for profile or toolset changes based on those reviews.
Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover activity not seen within the environment
Collaborate with internal stakeholders on addressing systemic security issues
Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, identifying shifts in TTPs, attribution, and establishing countermeasures to increase cyber resilience
A Bachelor's degree in computer science, engineering or a related discipline, or the equivalent combination of education, technical training or work/military experience.
5+ years of Information Security/Risk Management experience
Intermediate understanding of the OSI model
Application, System and Network security best practice knowledge
Advanced knowledge and work experience in Security Operations or related fields such as Audit, IT Security, or Business Continuity; however, other IT disciplines are eligible
Technical knowledge to understand detailed issues around business continuity, security, and overall risk in IT, with enough expertise to drive a solution, solve issues, and address risk.
Experience managing a team in a high paced environment
One or more of the following certifications, or the ability to obtain one in the near future: CEH, CISSP, CRISC, CISA, ECSA, CHFI, CFE, MCSE, CCNA, CCNP
Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired.
Experience with regulatory requirements including but not limited to PCI-DSS, ISO2700, and HIPAA.