The Senior Threat Detection & Response Analyst will serve as a technical expert inside the Security Operations Center. The Senior TDR Analyst is engaged throughout the incident lifecycle, from escalation to resolution, takes containment and remediation actions proportionate to the exposure, and reports recommendations to management. The Senior TDR Analyst will make decisions and recommendations on implementing and improving standard operating procedures, as well as security tooling, to aid in the response process. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure.
- Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis.
- Review and respond to escalated security events from Tier I/II analysts.
- Respond to service provider network attacks affecting critical network infrastructure and the cloud environment.
- Identify and hunt threats within the environment.
- Write detection signatures, tune systems and tools, and develop automation scripts and correlation rules.
- Maintain knowledge of adversary Tactics, Techniques, and Procedures (TTPs).
- Conduct forensic analysis on systems and engage third-party resources as required.
- Contribute to projects, meetings, and ad-hoc requests.
- Mentor and train Tier I/II analysts.
- Four or more years of technical experience in the information security field.
- Four or more years of practical experience in an incident response role.
- Experience in the application of incident response methodologies.
- Experience working with a SIEM, with the ability to understand and modify threat detection rules.
- Experience with open source intelligence (OSINT) feeds.
- Strong knowledge and experience with the Windows and Linux operating systems.
- Working knowledge of cloud platforms such as AWS, Azure and Google Cloud.
- Experience using Python, PowerShell, or equivalent scripting language.
- Strong knowledge of network protocols, web servers, authentication mechanisms, anti-virus and server applications.
- Ability to execute under pressure.
- Ability to perform independent analysis, distill the relevant findings and identify root cause.
- Ability to communicate complex ideas clearly and effectively using written and verbal communication.
- BS in Computer Science, Information Systems, Engineering, etc.
- Experience with cloud technologies and cloud incident response techniques.
- Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).
- Maintains an industry certification such as a GIAC certification (GCIH, GCIA), CISSP, or CISM.
- Experience with network forensics, associated toolsets (Suricata, Wireshark, tcpdump, PCAP analysis, etc.) and analysis techniques.
- Experience with host-based detection and prevention suites (Microsoft SCEP, Carbon Black Response, OSSEC, etc.).
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.