Lead Cyber Defense Analyst
Experian
Full-time
Location Type: Remote
Location: United States
Salary: 💰 $115,747 - $208,344 per year
About the role
- Monitor the daily operations of the team, being the primary liaison between analysts and leadership
- Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis)
- Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises
- Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk
- Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks
- Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned
- Ensure incident updates are performed and documented, and that case hand-off processes are completed
- Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management
- Lead the development of relevant Standard Operating Procedures (SOPs) and training materials
- Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments
Requirements
- 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead
- Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field
- History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause
- 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking (e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE)
- Information security management certifications (CISSP, CISM)
- Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain
- Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)
- Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender)
- Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle)
- Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch
- Record of improving the way work is performed, originating actions and ideas to lead enhancements to existing processes
- Available to work outside of normal work hours to respond to cybersecurity incidents
Benefits
- Great compensation package and bonus plan
- Core benefits including medical, dental, vision, and matching 401K
- Flexible work environment, ability to work remote, hybrid or in-office
- Flexible time off including volunteer time off, vacation, sick and 12-paid holidays
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
incident response, cybersecurity, digital forensics, security analysis, log interpretation, risk assessment, threat detection, networking, cloud infrastructure, operating systems
Soft skills
leadership, mentoring, communication, collaboration, problem-solving, feedback, process improvement, organizational skills, analytical thinking, attention to detail
Certifications
GCIH, GMON, GSOC, CEH, GCFA, ENCE, CISSP, CISM