Resideo is seeking a highly motivated and skilled Senior Threat and Incident Response Analyst who will monitor and investigate escalated security events to determine risk and exposure, and perform additional investigations to understand impact and mitigation. This position will work closely with other team members to prioritize, manage, and resolve incidents. The ideal candidate should be self-motivated and strong in executing assigned tasks. The individual should be inquisitive by nature, challenging the norm to identify risks, vulnerabilities, and threats. This is an amazing opportunity to grow with a company that is backed by dynamic leadership.
* Lead cyber incident response and threat hunting engagements.
* Construct and exploit threat intelligence to detect, respond, and defeat cyber threats.
* Fully analyze network and host activity in successful and unsuccessful intrusions by attackers.
* Piece together intrusion campaigns, threat actors, and nation-state organizations.
* Manage, share, and receive intelligence on adversary groups.
* Generate, vet, and track information from numerous data sources and share it accordingly.
* Identify, extract, and leverage intelligence from cyber intrusions.
* Expand upon existing intelligence to build profiles of adversary groups.
* Leverage intelligence to better defend against and respond to future intrusions.
* Create and add custom signatures to mitigate highly dynamic threats using the latest threat information.
* Conduct initial dynamic malware analysis on samples obtained during an investigation or hunt operation to create custom signatures.
* Maintain knowledge of the current security threat level by monitoring related Internet postings, intelligence reports, and other related documents as necessary.
* Develop and produce reports on all activities and incidents to help maintain day-to-day status, develop and report on trends, and provide focus and situational awareness on all issues.
* Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
* Notify the management team of significant changes in the security threat against company networks in a timely manner and in writing via established reporting methods.
* Coordinate with appropriate organizations within the intelligence community regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, and maintain the current list of coordination points of contact.
* Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
* Other duties as assigned.
* Excellent interpersonal, organizational, writing, communications, and briefing skills.
* Strong analytical and problem-solving skills.
* Minimum of 6 years of progressively responsible experience in security monitoring, threat hunting, incident response, or related experience.
* Familiarity with the following classes of enterprise cyber defense technologies:
  * Security Information and Event Management (SIEM) systems
  * Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)
  * Network and host malware detection, prevention, and host forensic applications
  * Web/email gateway security technologies
* Bachelor's degree
* Security certifications such as GCTI, GMON, GCIH, GCFA, GCIA, or similar.
* Scripting language skills and experience with searching and/or regular expression creation to support dynamic security event analysis.