Job Description
Worker Sub-Type:
Regular
Job Description:
THE POSITION
The Triage Analyst supports the Incident Response team by responding to escalated alerts and monitoring alerts during heavy volume events. This position conducts more in-depth analyses of security incidents with the specific ability to identify Indicators of Compromise, perform intrusion scope and root cause analyses and implement triaging protocols to mitigate potential damage to the client's cyber ecosystem.
KEY RESPONSIBILITIES
* Updates procedures and configures tools for Monitoring Analysts' consumption
* Escalates cyber security events according to the client's playbook and standard operation procedures (SOPs)
* Performs additional analysis of escalations from Tier 1 Analysts and conducts case review
* Assists with containment of threats and remediation of environment during or after an incident
* Escalates high or critical severity level incidents to Incident Investigators
* Consumes threat intelligence and disseminates findings to relevant parties
* Conducts hunting activities based on internal and external threat intelligence
* Performs triage of service requests from customers and internal teams
WHO WE ARE LOOKING FOR
* BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience
* 2+ years of experience using event escalation and reporting procedures, managing security alerts within enterprise SIEM systems and performing network monitoring in a Cyber Security Operations environment
* Demonstrated analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation, and the ability to learn and adapt quickly
* Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
* Knowledge of how common network protocols and applications work at the enterprise level, including DNS, HTTP, and SMB
* Knowledge of how the Windows file system and registry function
* Must be onsite in Plano, TX (Monday - Friday, flexible work hours if possible)
ABOVE AND BEYOND
* Experience with Splunk and other SIEM platforms, Enterprise Intrusion Prevention Systems, Endpoint Detection tools, and other security products
* Experience conducting incident handling and response efforts in large enterprise environments
* Experience supporting incident investigations
* Experience working in a 24/7 SOC environment
* Security certifications (e.g. Security+, Network+, CEH, SANS, etc.)
WHAT WE NEED FROM YOU TO APPLY
* Current resume
* GitHub link or previous project portfolio
Job Family Group Name:
Sales
Scheduled Weekly Hours:
40