Client Analytics Analyst
Evolent
PythonSQLTableau
Insider Investigations Analyst
CrowdStrike
full-time
Posted on:
Location Type: Remote
Location: Remote • Texas • 🇺🇸 United States
Visit company websiteSalary
💰 $100,000 - $155,000 per year
Job Level
Mid-LevelSenior
Tech Stack
AssemblyCyber SecurityLinuxOpen SourceSQLTCP/IP
About the role
- Participate in confidential insider risk investigations
- Create and implement insider risk related detections
- Perform detailed and comprehensive investigations, reviewing data from multiple data sources to include, but not limited to, network, host, and open source
- Communicate with end users regarding potential policy violations when appropriate
- Assist in data recovery efforts through the creation of comprehensive reports on an as-needed basis
- Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs) in a clear, logical, concise manner
- Handling confidential or sensitive information with appropriate discretion
- Assist in regular and sustained alert tuning efforts to minimize false positive results
- Ensure that all investigations are properly documented and tracked in appropriate case management systems
- Support Incident Response lifecycle via triage and investigation of detections and action as appropriate (e.g. live response, containment, escalation, etc.)
- Assist in the development of detection criteria, through ASM (Attack Surface Mapping), across a broad range of technologies and log sources
- Identify security controls coverage and efficiency gaps in available data/logs and tooling
- Provide information security summaries containing security metrics as required
- Participate in incident response and manage escalations as needed
- Drive efficient process development and documentation for all aspects of the Incident Response lifecycle
- Provide after-hours support on an on-demand basis
Requirements
- Experience with data classification or risk scoring methodologies
- Excellent verbal and written communication skills with a strong emphasis on attention-to-detail
- Ability to triage and manage 2-3 investigations simultaneously
- Ability to work independently and coordinate with multiple internal departments as needed
- Experience responding to security event alerts, including front-line analysis and escalation, of hacktivist, cybercrime, and APT activity
- Theoretical and practical knowledge with Mac, Linux, and Windows operating systems
- Theoretical and practical knowledge with TCP/IP networking and application layers
- Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
- Experience with access/application/system log analysis, IDS/IPS alerting and data flow, and SIEM-based workflows
- Experience with security data collection, processing, and correlation
- Capable of following technical instructions and completing technical tasks without supervision
- Desire to continually grow and expand both technical and soft skills
- Contributing thought leader within the incident response industry
- Ability to foster a positive work environment and attitude
- Scripting experience (Bash, PowerShell, etc.)
- Experience with REGEX and data stream editing binaries (SED, AWK, etc.)
- Experience with host database enumeration and analysis (SQL, SQLITE3)
- Experience with network analysis (TCPDump, TSHark/WireShark, etc.)
- Experience with basic static and dynamic host analysis (Order of Volatility, etc.)
- Experience with basic files analysis (permissions, ownership, metadata)
- Working knowledge of INIT, SYSTEMD, LAUNCHD, BIOS/UEFI Boot processes
- Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience.
- Obtained or pursuing an undergraduate degree or direct experience in information/cyber security, information systems, or computer science
Benefits
- Remote-friendly and flexible work culture
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
data classificationrisk scoring methodologiesTCP/IP networkingASM (Attack Surface Mapping)Threat Huntinglog analysisSIEM-based workflowsscripting (Bash, PowerShell)REGEXnetwork analysis (TCPDump, TSHark, WireShark)
Soft skills
verbal communicationwritten communicationattention to detailindependent workcoordinationpositive work environmentthought leadershipprocess developmentdiscretionability to manage multiple investigations
Certifications
GCIAGCIHGCFAGNFAGIMEGCCCGPENOSCP
