Incident Response Analyst

14 hours ago

Apply Now
Logo of Thrive

Thrive

Managed IT Services • Complete Outsourced IT Services • Hosted Cloud Services • Help Desk Support • Onsite Engineering

Description

• Process investigation requests from SOC Analysts who perform security event monitoring using Security Information and Event Management (SIEM) from multiple sources, including but not limited to, events from network and host-based intrusion detection/prevention systems, network infrastructure logs, systems logs, applications, and databases. • Investigate intrusion attempts, differentiate false positives from true intrusion attempts, and perform in-depth analysis of exploits • Lead incident response and threat hunting efforts for confirmed High Priority security incidents and follow through until resolution • Utilize threat intelligence to identify and investigate potential security threats • Develop playbooks for incident response and incident management processes, including threat triage, incident investigation, and incident resolution • Conduct regular reviews of playbooks to ensure they are current and effective • Work with cross-functional teams to ensure that playbooks are aligned with the overall security strategy and goals • Participate in tabletop exercises and drills to test and validate playbooks • Monitor and evaluate security incidents to identify opportunities for improving playbooks • Keep up to date with current security threats and trends to ensure that playbooks are relevant and effective • Actively investigate the latest security vulnerabilities, advisories, incidents, and TTPs (tactics, techniques, and procedures) and work with the Security Engineering team to recommend use cases • Proactive monitoring, threat hunting, and response of known and/or emerging threats • Carry out Thrive’s information security strategy both internally and externally for 400+ clients • Analyze data from our SOC, SIEM and EDR platforms and determine if further analysis is needed • Work within Thrive’s security standards and best practices and recommend future enhancements • Stay abreast of security events and techniques to keep our clients protected

Requirements

• Demonstrates comprehension of best security practices • Has advanced knowledge of the following systems and technologies: SIEM (Security Information and Event Management) • TCP/IP, computer networking, routing, and switching • IDS/IPS, penetration and vulnerability testing • Firewall and intrusion detection/prevention protocols • Windows, UNIX, and Linux operating systems • Network protocols and packet analysis tools • EDR, Anti-virus, and anti-malware • Content filtering • Email and web gateway. • Malware, Network, or System Analysis • Professional experience in an Incident Response Role • Ability to collaborate and communicate security issues to clients, peers, and management • Strong analytical and problem-solving skills • Adaptability and resilience in rapidly evolving situations • Ability to be a part of an on-call rotation, occasionally working nights, and weekends to support High Priority Security Incidents • Required Skills: Technical proficiency in networking, operating systems, and security technologies • Familiarity with security tools like SIEM, IDS/IPS, EDR, and forensic analysis tools • Understanding of incident response procedures and methodologies • Understanding of frameworks such as MITRE ATT&CK and the Cyber Kill chain, • Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.) • Experience in responding to and investigating cloud, system, or network intrusions • Excellent Written and Verbal Communication Skills • Expertise in forensics, malware analysis, and network intrusion response • Preferred Skills • Knowledge of common Windows and Linux/Unix system calls and APIs • Knowledge of programming languages • Knowledge of internal file structures for file formats commonly associated with malware • Knowledge or experience in Detection Engineering

Apply Now

Similar Jobs

14 hours ago

Seeking a Bid and Proposal Analyst for 1840 & Company, a leader in remote BPO services.

4 days ago

Be a Pricing Analyst for Sports events at REPS & Co., leveraging data to drive decisions.

4 days ago

Join Sophos as a Benefits Analyst/Specialist to manage employee benefits administration and compliance.

4 days ago

Monitor and improve workforce productivity by addressing attendance and performance issues quickly. Support operations in a remote environment.

Built by Lior Neu-ner. I'd love to hear your feedback — Get in touch via DM or lior@remoterocketship.com