You Are:

The Cybersecurity Incident Response Analyst role will work in the CIRT team in the CISO organization. We are looking for skilled cybersecurity incident response manager to join our Dedicated Project Response Team. This role focuses on actively responding to cybersecurity incidents occurring on project-managed AFS systems and handling project-based cybersecurity incidents. The ideal candidates have a strong background in cybersecurity, incident analysis, and a keen eye for detail.

 Responsibilities Include:

• Actively monitor and respond to cybersecurity incidents related to project-managed AFS systems.
• Analyze and investigate incidents to determine their nature and scope.
• Coordinate with CDPRT lead and other Cybersecurity Incident Response Teams for effective incident resolution.
• Document incidents and response activities in detail.
• Stay updated with the latest cybersecurity threats and trends.
• Assist in developing and refining incident response strategies and procedures.
• Collaborate with operations teams and management to investigate security issues and determine true and false positives, perform malware analysis and provide recommendations to increase the organizations security posture, as well as troubleshooting skills for unknown environments and systems and organization skills to gather information in advance and during incidents.

Here's What You Need:

• US Citizenship required.
• Excellent communication (written and oral), attention to detail and interpersonal skills
• Experience presenting complex technical information to decision makers and leading them through the decision-making process.
• Work independently to deliver timely solutions without direct supervision.
• 3-5 years’ experience in information security
• 2 year(s) of Incident Response experience performing event and log analysis including one or more of the following: Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data loss prevention tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
• Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software packages.
• Basic understanding of TCP/IP and common application layer protocols
• Packet & Malware Analysis
• Indicators of Attack and Compromise
• Detection Design & Engineering to Tune Signatures
• Windows / Linux Architecture
• Basic data parsing (Excel, grep, sed, awk, regex)
• Knowledge of federal incident reporting requirements.

Bonus Points if you have:

• SANs GIAC Certifications including but not limited to GCED, GCLD, GCIH, GCFA, GREM; CISSP.