• Triage, pivot, and correlate across multiple networks and host-based log sources.
• Performing analysis of attacker activity in on-premises and cloud environments
• Proactively hunt for and identify malicious activity in various log sources using threat intelligence and other indicators of compromise.
• Communicate and collaborate with all areas of the business including executive leadership to educate and inform throughout the incident response lifecycle.
• Continually improve incident response procedures and documentation.
• Engage with Detection Engineering and Red Team to identify opportunities to better monitor/detect suspicious behavior and automate response capabilities.
• Participate in a weekly on-call rotation with other Incident Response team members.
• Participate in Threat Simulation activities with team members.
• Keep up to date on evolving cyber threats and identify methods to detect them

Minimum Qualifications:

• Bachelor's degree in information security, computer science, or equivalent combination of education, training, and experience.
• Three or more years in an Incident Response, Security Operations Center (SOC), or equivalent experience.

Desirable Skills:

• Experience with security tools including SIEM, EDR, AV, CASB, Next-gen Firewalls, and VPN.
• Experience with forensic, system, and network artifacts.
• Working knowledge of the MITRE ATT&CK framework and experience with sophisticated threat actor evidence including familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and Tools, Techniques, and Procedures (TTPs)
• Familiarity with cloud environments and containerization technologies (AWS, Azure, O365, Docker, Kubernetes).
• Functional and practical experience with at least one development or scripting language/framework (e.g. PowerShell, Python, .Net) and regular expressions.
• Hold or are willing to obtain certifications such as GCIH, GCFE, GCFA, GDAT, CISSP, or other relevant security certifications.

NA