Cybersecurity Incident Response Analyst

Job Description:

Cybersecurity Incident Response Analyst

BASIC PURPOSE: The Cybersecurity Incident Response Analyst is an exciting entry point for those wishing to begin their career in cybersecurity! This role function as a Tier 2 resource in Clario’s Security Operations Center (SOC) team providing initial response and triage of events that are identified in the Security Incident and Event Management (SIEM) platform. In addition, this role will assist in scripting automated responses to defined detections, conducting basic threat hunting exercises, and gathering threat intelligence to process among other high impact tasks. Successful candidates will be highly motivated to learn, adapt to changing situations, and take initiative on items that need to be addressed.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Serve as Tier 2 analyst in Clario’s SOC, triaging and conducting investigations into events raised in the SIEM, other security tools, and escalations from Tier 1.
• Identify false positive events and validate & remediate true positive events.
• Initiate containment actions as well as escalation for incidents.
• Support interdepartmental activities for containment, remediation, root cause analysis, and documentation of incidents.
• Conduct or assist in routine maintenance of tools including EDR, SIEM, IPS signatures, and other security tools.
• Maintain, create and update process documentation as well as team runbooks for operations.

OTHER DUTIES AND RESPONSIBILITIES:

Cross functional duties as assigned with Threat and Vulnerability Management, Security Engineering, and Product Security Testing.

The duties and responsibilities listed in this job description represent the major responsibilities of the position. Other duties and responsibilities may be assigned, as required. The Company reserves the right to amend or change this job description to meet the needs of the Company. This job description and any attachments do not constitute or represent a contract.

QUALIFICATIONS AND SKILLS NEEDED:

Education:

• Bachelor’s in information systems or related field. NOTE: May also consider associate’s degree based on relevant experience and certifications
• Relevant Security Certifications Preferred (e.g. CEH, Pentest+, LPT, CEPT, GPEN, GWAPT, CPT, OSCP)

Experience:

• 0-3 Years of Information Security experience, preferably with Security Engineering or Security Operations roles or projects.
• Basic understanding of security operations concepts such as adversary TTPs, perimeter defense, insider threat, kill-chain analysis, incident response, and security metrics.
• Familiarity with Endpoint Detection Response, Firewalls, Intrusion Prevention Systems, Security Incident and Event Management, and Email Security tools.
• Analytical and critical thinking skills, including being detail oriented.
• Strong troubleshooting, reasoning, and problem-solving skills.
• Team player with the ability to work autonomously.
• Knowledge of Networking (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), Cloud Computing (AWS preferred), System Administration, and Security Architecture.
• Scripting experience is preferred especially PowerShell and Kusto Query Language (KQL).
• Ability to interact with technical and non-technical audiences.

The Department Head has the discretion to hire personnel with a combination of experience and education, which may vary from the above listed qualifications. This JOB description should not be deemed all-inclusive. Additional requirements and expectations may be assigned. At all times, employees are expected to adhere to company policies and company SOPs.