We are seeking an Incident Response Analyst, who will be responsible for incident response, threat hunting, and data analysis to protect and maintain the overall security of the enterprise.
- Ability to take lead and work in a trustworthy working environment.
- Partner with the required teams and get seamless outputs.
- Should be curious to learn more and collaborate whenever needed.
- Ability to independently manage projects and report/present efforts to clients.
- Strong communication skills.
- Monitor, identify, investigate, and resolve security incidents.
- Perform assessment and security evaluation for systems, network and perimeter controls, log and event correlation, and system and network component baselining.
- Support ongoing tracking and remediation of security issues, ensuring that tickets are closed and issues are addressed in a timely manner.
- Ensure that changes and enhancements are carried out properly and on a timely basis within corporate security guidelines for change, configuration and patch management. Security oversight of a regimented change and release management methodology includes assigning security and patch updates to follow the firm’s change management procedures and a patch release schedule.
- Manage multiple priorities effectively. Maintain clear and efficient communications with management and customers. Provide interactive discussion and guidance to peers. Discuss technical subject matter for other IT functions.
- Work closely with development, network, and support teams in implementation of infrastructure components supporting emerging technologies and applications.
- Support activity and progress reports ensuring issues are properly escalated and resolved to maintain delivery schedule, project cost, and desired results.
- Respond to issue escalation and service interruption as a confident technical resource. Will support technical leadership role in problem resolution and root cause analysis. Will be expected to provide actionable after-incident analysis to ensure root cause issues are logged and remediated.
- Participate in additional projects, assignments or initiatives as required.
- Assist with the creation of Incident Response run books for analysis and response to cybersecurity incidents.
- Evaluate information security solutions and processes to provide recommendations supporting Dell security standards.
- Utilize internal guidelines to properly fulfill client requests and resolve cybersecurity incidents received via e-mail or internal ticketing systems in a timely and detail-oriented manner.
- Investigate and analyze data sets to identify trends and anomalies indicative of malicious activities.
- Perform analysis of malicious artefacts to classify the type of attack and determine remediation.
- Display foundational understanding of Security Operations Center and/or Incident Response Team procedures.
- Background in Cybersecurity, ideally in Incident Handling (Incident Response Lifecycle).
- Familiarity with a ticketing system.
- Understanding of network defense principles, common attack vectors, incident response methodologies, log analysis, and attacker techniques.
- Knowledge of Access Controls, including Active Directory, SQL, SharePoint and Strong Authentication capabilities.
- Functional knowledge of core Networking concepts including TCP/IP, DHCP, DNS, load-balancing, VLAN segmentation, network traffic capture and analysis (basic level). Solid grounding in Remote Access and VPN systems, with knowledge of Zero Trust networking.
- Expert knowledge of incident response guidance and tools such as NIST 800-61 or SANS Incident Response Process.
- Experience with using MITRE ATT&CK, particularly in the context of Incident Response.
- Experience with enterprise security products such as Endpoint Detection and Response (EDR), network intrusion detection/prevention systems (NIPS or NIDS), and Security Orchestration, Automation, and Response (SOAR) products.
- Experience performing Incident Response services over cloud services (IaaS, PaaS, SaaS).
- Experience with security services of major cloud providers.
- Ability to support appliance and cloud-based Authorization and Password Vaulting systems, enterprise level Malware systems and content filtering systems.
- Knowledge of service and software update releases and processes including participation in the patch management program.
- Experience with current best practices in IT standards, principles, and security practices.