- Investigate potential cyber-attacks and intrusion attempts, and lead containment, eradication, recovery, and lessons learned analysis of actual incidents.
- Leverage aggregated cyber threat intelligence, log, network flow, and anomaly data for analysis, research and the identification of potential compromise on behalf of our customers.
- Prioritize incoming requests to minimize risk exposure and ensure the timely completion of critical tasks and the escalation of time-sensitive issues.
- Create detailed incident and analysis reports, and provide concise summaries for management.
- Contribute to our efforts to drive continuous improvement by collaborating with Engineering to develop ad-hoc reports and solutions to satisfy customers.
Minimum Requirements (Knowledge, Skills, and Abilities):
- A deep understanding of cybersecurity operations processes, procedures, guidelines, and solutions, including practical experience with cyber kill chain principles.
- In-depth understanding of Windows, UNIX, and Linux operating systems, networking, malware defenses, and perimeter controls.
- Knowledge of TCP/IP networking and core Internet protocols such as UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.
- Proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches.
- Familiarity with scripting languages such as Bash and Python.
- Familiarity with interpreting and building visualizations with open source tools such as Kibana.
- Knowledge of adversary tactics, techniques, and procedures; experience analyzing advanced intrusions across a complex global network; and familiarity with basic cyber-security forensics procedures.
- Strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups.
- Self-starter with a sense of urgency who takes ownership and responsibility for their work.
- Works independently with minimal guidance to drive projects to completion, while also working collaboratively with the team to achieve strategic goals.
- Professional, clear, and concise communication to both technical and non-technical audiences.
- Strong deductive reasoning, critical thinking, problem-solving, prioritization, and consultative skills.
- Proven organizational skills (time management and prioritization), with a rigorous process for all follow-up and coordination activities.
- Position requires access to highly sensitive confidential material. Integrity and discretion are mandatory.
- Comfortable working in a dynamic, start-up environment.
- Ability to deal diplomatically and effectively at all levels of the business, including technical and non-technical staff, management, and senior leadership.
Minimum of seven (7) years of experience in Information Security, and at least three (3) years of information security experience with a focus on vulnerability management, threat tracking, event and anomaly analysis, intrusion detection/prevention, incident response, etc.
Formal Education & Certification:
- Bachelor of Science in Computer Science, Information Systems, Software Engineering, or relevant military or law enforcement experience.
- Preferred Certifications:
  - ISC2 SSCP (Systems Security Certified Practitioner)
  - ISC2 CCFP (Certified Cyber Forensics Professional)
  - GIAC Certified Intrusion Analyst (GCIA)
  - GIAC Certified Incident Handler (GCIH)
  - EC-Council Computer Hacking Forensic Investigator (CHFI)
  - EC-Council Certified Incident Handler (CIH)