• Provide investigation for escalated security incidents.
• Check for false positives and duplicates.
• Provide communication and escalation throughout the incident per the CSIRT guidelines.
• Communicate directly with data asset owners and business response plan owners during high severity incidents.
• Hunt for suspicious or anomalous activity based on data alerts or data outputs from various toolsets.
• Perform analysis of log files to collect more contextual information in order to triage the security threat.
• Provide forensic analysis and investigation.
• Drive the containment strategy during data loss or breach events.
• Triage and resolve advanced attack vectors such as botnets and advanced persistent threats (APTs).
• Provide tuning recommendations to administrators based on findings from investigations or threat information reviews.
• Collect contextual information and pursue technical root cause analysis and attack method analysis.
• Determine whether to treat the alert as a security incident and assign a severity level.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field.
- Fluent in English language.
- The candidate must have extensive experience in incident handling and reporting (at least 3 years in a similar role). Professional certifications related to incident response are preferable.
- Strong analytical and problem-solving skills. Knowledge of network security zones, firewall configurations, and IDS policies.
- Knowledge of systems communications from Layer 1 to 7.
- Experience with Systems Administration, Middleware, and Application Administration.
- Experience with Network and Network Security tools administration.
- In-depth experience with log search tools and usage of regular expressions.
- In-depth knowledge of packet capture and analysis.
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat).
- Ability to create a containment strategy and execute it.