The Security Operations Center Senior Incident Response Analyst is a senior-level technical analyst who is relied upon to operate independently and lead in-depth investigations in cybersecurity incident response, including network security monitoring and threat hunting. The SOC Senior Incident Response Analyst serves as a subject matter expert and oversees the work of fellow SOC team members while guiding customers through incident response activities. This position is expected to work independently in leading the response team to ensure that the required forensics, analysis and deep technical deconstruction of cybersecurity attacks occur with urgency in support of the company's customers.
The Senior Incident Response Analyst manages the response process, including detection, analysis, containment, mitigation and recovery, to ensure the determination of the initial attack vector, the tactics and tools used, the scope of the attack, and the extent of compromise.
This role is authorized to work remotely and may require up to 10% travel to client locations generally within the domestic United States.
- Lead and conduct investigative analysis for complex security incidents and attacks within an incident response team.
- Provide communications and steady leadership to customers during times of crisis that accompany cybersecurity incidents.
- Serve as an escalation resource and mentor for other SOC analysts.
- Coordinate data/evidence gathering, documentation and reporting during incidents and investigations, ensuring sound forensic practices.
- Supervise threat hunting activities in client networks through proactive analysis of log, network and system data to identify threats during active incident response and to ensure mitigation measures are effective.
- Assemble sound technical recommendations that enable remediation of security issues.
- Identify and incorporate applicable indicators of compromise (IOCs) and cybersecurity threat intelligence to protect customer networks.
- Partner with customer IT administrators and cybersecurity personnel to ensure successful incident response practices and business system recovery.
- Provide recommendations for improvements to SOC processes and procedures, based on experience and operational insight, to ensure consistency between incident response team members and other incident response teams.
- Responsible for continuous customer communications, including situational status briefings and client deliverables such as reports, briefing presentations and recommendations.
Required Managerial and Interpersonal Skills and Qualifications:
- Capable of working independently, establishing priorities and managing task completion within deadlines that are responsive to client needs while delegating and coordinating work within a team of SOC analysts.
- Able to communicate effectively through writing, speaking, and presenting to groups and key client stakeholders, at times including non-technical audiences.
- Team player capable of productively contributing to the company's mission by supporting fellow teammates and clients in a dynamic, growing and changing environment.
- Ability to lead teams and manage personnel in a remote workforce.
Essential Technical Experience and Knowledge Skills:
- Expert knowledge in network traffic analysis, threat detection, and advanced threat tactics, techniques and procedures (TTPs).
- Knowledge of forensic analysis tools such as AccessData Forensic Toolkit (FTK) and X-Ways Forensics and Investigator, or similar system forensic software.
- Experience in cybersecurity event analysis, intrusion detection, and security operations.
- Experience creating advanced and detailed queries, such as regular expressions, for log, event and correlation analysis.
- Experience with Security Information and Event Management (SIEM) systems, including analysis and incident workflow development processes.
- Experience with a broad array of cybersecurity tools and technologies, with the ability to navigate management consoles to extract necessary investigative information and to assist in configuring detection and prevention as part of the response process.
- Broad knowledge and experience with varieties of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.
- Knowledge of cloud technologies and email systems necessary to conduct analysis of cybersecurity attacks in a variety of environments and platforms.
Additional Background and Experience Requirements:
- Well-qualified candidates will possess an industry certification such as CISSP, GCIH, GMON, GCIA, OSCP, CEH or other recognized credentials.
- Must be able to complete pre-employment screening, State of Texas background investigation, and be capable of obtaining a US Government Secret level clearance.
Preferred Skills and Qualifications:
- Computer Science or related 4-year degree.
- Experience with the identification and analysis of vulnerabilities and attacker exploit techniques.
- Experience training and mentoring others on advanced technical topics such as log and traffic analysis and intrusion detection.
- Experience with quickly learning and understanding complex environments, independently reaching stretch goals, and continually improving knowledge and capabilities.
- Experience taking on complex and difficult problems, formulating a path forward, and executing steps that demonstrate meaningful progress.