
Sr. CyberThreat Engineer - Incident Response (Remote)

Ferguson Enterprises

Job Description

Posted on: September 17, 2024

Summary and company overview

Job Posting:

Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers’ complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.

Job Title: Senior CyberThreat Engineer - Incident Response

Department: Ferguson, Associate Technology and Cyber Operations

The CyberThreat Engineer is a technical contributor on the CyberThreat Prevention Team, whose mission it is to prevent, detect, and respond to security incidents and to drive remediation across the enterprise. This specific position is responsible for the technical platforms and related standards that support the CyberThreat Prevention team’s mission. This includes subject-matter leadership for the operation and stewardship of Security technology and processes that detect, prevent, and respond to threats to Ferguson’s IT infrastructure and services. Technology platforms include operating and/or integrating with Security Incident Management, Threat Intelligence, Security Information and Event Management (SIEM), Email Security, Firewalls, DDoS prevention, Wireless Security, URL Filtering, Intrusion Prevention, and related systems. This position works directly with IT, headquarters, branch management, and with external business partners to achieve the vital business goals.

This position requires strong partnership with IT, Security, business, and third-party SOC and other key collaborators, to ensure that Ferguson can execute its business plans.

This role is approved to be fully remote and can be based anywhere in the United States.

Responsibilities

  • Drive the incident response process, including actively responding, mitigating, and/or providing direction to related collaborators.
  • Conduct in-depth analysis of security incidents to determine root cause, impact, and remediation steps.
  • Assist the Incident Response Lead in handling incidents and coordinating response efforts.
  • Provide stewardship of all process and technology aspects of CyberThreat Prevention services.
  • Engage with the third-party SOC to implement high-quality, efficient processes, and drive "shift left" processes and response automation.
  • Ensure that all Service Offerings are available and operating reliably.
  • Offer guidance and expert analysis on security event log management and data interpretation.
  • Maintain the event correlation logic of the SIEM platform.
  • Tune alerting as required.
  • Collaborate across security teams to develop and improve monitoring and detection mechanisms.
  • Employ available technology and threat intelligence to detect notable events and generate resulting Security Incidents as appropriate.
  • Develop and distribute timely communications to appropriate collaborators when incidents are detected and as mitigation progresses.
  • Maintain and enhance operational runbooks.
  • Create and/or partner with Automation team members to automate response runbooks.
  • Establish and maintain good working relationships with all IT, Security, third-party, service consumer, and business collaborators.
  • Ensure that appropriate maintenance, monitoring, automation, and response procedures are in place, to meet Security and availability objectives.
  • Conduct operations in a quality manner, in accordance with our ITIL and other documented processes.
  • Gather, analyze, and report on service consumption and value delivered to customers, to ensure SLAs are met.
  • Understand Security and company objectives and develop support strategies that map to CyberThreat Prevention Service Offerings.
  • Actively monitor new and emerging technologies, trends, issues, and solutions and assess their applicability to Ferguson’s Cyber Security capabilities.
  • Contribute requirements to technology selection processes.
  • Advocate for new/enhanced Security Service Offerings on behalf of Operations and its customers.
  • Provide guidance and support to junior analysts in their development and understanding of incident response.
  • Participate in training sessions as necessary to enhance skills in monitoring, supporting, maintaining, and operating new security technologies.
  • Partner with Security Governance team to monitor and enforce compliance with the organization's security policies and standards among employees, contractors, and third parties responsible for Cyber Security.
  • Adhere to all policies, rules, regulations, and procedures.
  • Perform other duties or functions as requested by management.
  • Participate in 24/7 "on-call" rotation as a technical and functional expert.

Job Requirements

Qualifications and Requirements:

  • Six (6) years of demonstrable experience is preferred to perform at expectation. Applies in-depth, specialized knowledge and skills in a specific technical area, with an understanding of the external factors that may affect that area. Provides experienced advice, coaching, and counseling within the field/function area.
  • Certifications are not required, but GCIH (GIAC Certified Incident Handler), CISSP (Certified Information Systems Security Professional), or CASP+ (CompTIA Advanced Security Practitioner) are preferred.
  • Experience in one or more industry-standard SIEM, vulnerability management, or related offerings.
  • Azure Sentinel and KQL (Kusto Query Language) experience preferred.
  • Experience in leading security incident response activities.
  • Experience in security event collection and event correlation.
  • Experience in log analysis (EDR, Firewall, Active Directory, WAF).
  • Experience in digital forensics analysis, binary triage, and reverse engineering preferred.
  • Understanding and practical use of MITRE ATT&CK framework.
  • Ability to organize and prioritize work.
  • Ability to effectively communicate in writing.
  • Ability to effectively communicate verbally.
  • Ability to develop and deliver effective presentations to groups.
  • Ability to lead and motivate individuals within a team.
  • Ability to efficiently operate computers, tablets, and mobile devices.
  • Knowledge of Microsoft Office software (Outlook, Word, Excel, PowerPoint, Access, etc.).
  • Working understanding of the SDLC and QA lifecycle and methodology preferred.
  • Ability to work on a multi-functional team.
  • Ability to effectively communicate with all levels of the organization: Executives to developers.
  • Application of logic, reasoning, and problem solving.
  • Solid ability to work to time and date deadlines.

Additional commentary

At Ferguson, we care for each other. We value our well-being just as much as our hard work. We are committed to a holistic approach towards benefits plans and programs that support the mental, physical and financial well-being of our associates. Our competitive offering not only includes benefits like health, dental, vision, paid time off, life insurance and a 401(k) with a company match, but our associates also enjoy additional meaningful and inclusive enhancements that are adaptable to their diverse situations and needs, including mental health coverage, gender affirming and family building benefits, paid parental leave, associate discounts, community involvement opportunities and more!

Pay Range:

Actual pay rate may vary depending upon location. The estimated pay range for this position is below. The specific rate will depend on a candidate’s qualifications and prior experience.

$6,805.95 - $11,921.25

Estimated Ranges displayed are Monthly for Salaried roles OR Hourly for all other roles.

This role is Bonus or Incentive Plan eligible.

The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans, and the requirements of 41 CFR 60-741.5(a), which prohibits discrimination against qualified individuals on the basis of disability.

Ferguson Enterprises, LLC is an equal opportunity employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.
