The Lead Incident Response Analyst will manage the company's critical IT incident response efforts on behalf of its clients and serve as a member of the IR team. This work includes both developing the client's IR preparedness capabilities and responding directly to critical incidents in a timely and professional fashion. Working together with the client's IT administration, the Lead IR Analyst will assist with the development of critical incident planning in the form of policy, procedures, plan testing, response planning, and training. The Lead IR Analyst will be responsible for providing trusted leadership and world-class service to the client during dynamic critical incidents.
LEAD INCIDENT RESPONSE ANALYST WILL BE RESPONSIBLE FOR
- Craft IR preparedness doctrine for clients adhering to industry standards, best practices, and regulatory requirements.
- Triage critical incidents and manage escalation through the incident lifecycle.
- Establish response objectives and effectively communicate response strategy with the client.
- Effectively respond to casework related to computer security vulnerabilities, phishing, malware, breach, insider threat, credential abuse, and more.
- Anticipate and respond to changing priorities, and operate effectively in a dynamic, demand-based environment requiring extreme flexibility and responsiveness.
- Preserve, harvest, and process electronic data according to company policies, forensic best practices, and regulatory requirements.
- Participate in forensic investigations as required, including the collection and preservation of electronic evidence, analysis, and reporting.
- Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management.
- Develop and maintain the IR team's standard operating procedures.
- Be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
- Recognize and recommend effective process changes as needed to enhance client defense and response procedures.
- Provide training to clients on all aspects of critical incident planning and response, as needed.
- Bachelor’s degree in Computer Science or directly related IT field.
- 4+ years of professional IT Security Incident Response experience.
- Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols.
- Experience conducting forensic media acquisition and analysis.
- Experience in log file analysis.
- Strong verbal and written communication skills.
- Must be resourceful, creative, innovative, results driven, and adaptable.
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation, and to learn and adapt quickly.
- Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies.
- Experience with host-centric tools for forensic collection and analysis (RegRipper, ProDiscover, SIFT, EnCase, The Sleuth Kit, etc.).
- Strong IT infrastructure background, including familiarity with Snort, Wireshark, and Nmap.
- Experience with host-based detection and prevention suites (McAfee ePO, OSSEC, YARA, MIR, Carbon Black, Tanium, etc.).
- Detailed understanding of APT, cyber crime, and other associated tactics.
- Some experience with malware analysis (dynamic and static).
- One or more applicable certifications, including CFCE, GCFE, OSCP, GCIA, CFE, CISSP, or similar.
No attachments will be accepted. Please email content of resume, references, work samples and preferred location (if applicable) by clicking on the apply button.
root9B is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity.