Job Description

Duties

• Perform real-time monitoring and triage of security alerts in Cybersecurity toolsets including SIEM, and EDR
• Make accurate determination of what alerts are false positives or require further investigation and prioritization
• Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents. Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent future occurrences
• Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned. Collaborate with knowledge management teams to maintain up-to-date incident response playbooks
• Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators. Clearly communicate technical information and incident-related updates to management and stakeholders
• Identify and action opportunities for tuning alerts to make the incident response team more efficient
• Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy
• Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes, including enrichment, containment, and remediation actions
• Support the mentoring and training of more junior IR staff
• Stay informed about the latest cybersecurity threats, trends, and best practices. Actively participate in cybersecurity exercises, drills, and simulations to improve incident response capabilities

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (or equivalent work experience)
• 3+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)
• A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure our SOC operates effectively in a high-pressure environment.
• Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools
• Experience with enterprise ticketing systems like ServiceNow
• Excellent analytical and problem-solving skills.
• Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight.
• Ability to learn and function in multiple capacities and learn quickly.
• Strong verbal and written communication skills

Must currently have or be willing to obtain one of the following certifications (or equivalent):

• GIAC Certified Incident Handler
• EC-Council's Certified Incident Handler (E|CIH)
• GIAC Certified Incident Handler (GCIH)
• Incident Handling & Response Professional (IHRP)
• Certified Computer Security Incident Handler (CSIH)
• Certified Incident Handling Engineer (CIHE)
• EC-Council's Certified Ethical Hacker

Shifts are 1430 - 2300 either Tues-Sat or Sun-Thurs.

#cjpost

Job Tags

Similar Jobs