The Incident Response Analyst will provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems in accordance with the firm's business objectives, regulatory requirements, and strategic goals.
Responsibilities:
Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team
Receive, process, and resolve tickets per defined SLAs.
Analyse information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly
Critically assess current practices and provide feedback to management on improvement opportunities
Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets
Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems
Provide assistance with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers
Provide input into standards and procedures
Report compliance failures to management for immediate remediation
Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
Provide status reports and relevant metrics to Security Operations
Contribute to the Firm's security-related information repositories and other marketing / awareness endeavours
Participate in special projects as needed
Skills and Experience:
Applied knowledge of IR concepts and best practices, including forensics and chain-of-custody
Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT / BDS / EDR), and packet capture
Broad understanding of TCP / IP, DNS, common network services, and other foundational topics
Intermediate knowledge of malware detection, analysis, and evasion techniques
Some experience in malware analysis (executables, scripts, and office documents), rootkits, bootkits, traffic analysis (Wireshark), and proficient use of disassemblers (IDA Pro) or debuggers (OllyDbg, WinDbg)
Experienced in penetration testing and vulnerability assessment on enterprise systems and networks to enhance network security
Experienced in web application penetration testing with Burp Suite or other similar web application security tools. Knowledgeable in software attack and exploitation techniques
Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances
Experienced threat hunter using MITRE's ATT&CK or a similar framework
Familiarity with the hunting maturity model and understanding of a variety of different types of data analysis techniques to identify malicious activity
Created and published hunting procedures
Ability to gather and analyse facts, draw conclusions, define problems, and suggest solutions
Maintain critical thinking and composure under pressure
Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
Capable of providing assistance with the preparation of internal training materials and documentation
Ability to be productive and maintain focus without direct supervision
Passionate in the practice and pursuit of IR excellence
Exhibits a disciplined and rigorous approach to incident handling
Willing to accommodate shift-based work for a global organization
Provides exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise
Some experience with digital forensics on host or network and identification of anomalous behaviour on network or endpoint devices
Knowledgeable with industry standard forensic best practices while imaging, preserving, transporting and handling electronic data from a diverse set of digital data sources, including laptop and desktop computers, servers, networks and mobile devices
Education
Possess a Computer Science Bachelor's Degree or substantial equivalent experience
Experience
Strong background in information security with a focus on incident response and forensics
Special Requirements, Licenses, and Certifications
GCFE, GCFA, GCTI, GREM, GPEN, GWAPT
CISSP or SSCP desired