• Analyze incoming security events based on different data points; network, endpoint, and log sources expediently, consistently, and accurately
• Prioritize incoming events exceptionally well
• Willingness to run a security incident to completion; detect, work with team members, and communicate effectively with internal and external team parties throughout the process.
• Steer complex investigations within your area of expertise, and leverage your security knowledge to engage the other experts within other disciplines appropriately
• Prioritize task work according to understood and implied priorities
• Conduct quality reviews on outgoing tickets, security engagements, and at a system level looking for areas of improvement
• Contribute your security expertise using the development platform to elevate more precise signal with minimal noise
• Ability to coach and mentor other team members to share knowledge and expertise
• Continuously broaden your security expertise and depth within a set competency

Required Qualifications

• 5+ years Industry experience; Information Security, Network Security, or Cyber Security roles focusing on threat hunting, incident response, or security analysis.
• Threat Intelligence Analysis experience: Staying updated on the latest cyber threats, attack vectors, and industry trends through threat intelligence sources and analyzing threat data to identify potential risks to the organization.
• Proactive Threat Hunting experience: Utilizing security tools, techniques, and methodologies to proactively search for signs of compromise and malicious activity within the network environment.
• Incident Response experience: Collaborating with incident response teams to investigate and respond to security incidents promptly. Taking necessary actions to contain and eradicate threats, minimizing their impact on organizational assets.
• Forensic Analysis experience: Conducting forensic analysis of security incidents to gather evidence, understanding attack methodologies, and improving threat detection capabilities.
• Have deep technical competency in the following:
• Networking – common protocols, server/client infrastructure, routers, switches, WAPs, etc
• Perimeter – firewalls, IDS, IPS, UTM, WAF, Gateways, Proxys, Mail Servers, etc
• Authentication – AD, SSO, MFA, etc
• IaaS – cloud services, AWS, Azure, GCP
• End Point – MDM, EDR, EPP, AV
• SaaS – collaboration tools including O365, GSuite, Box, Salesforce, Workday, etc
• Assist in the incident Response life cycle for Analysis; Containment, and Eradication
• Ability to advise and coach clients during an active breach on how to remediate and secure their environment.
• Create and audit new and existing detections for malicious activity
• Analyze incoming security events in a SIEM based on network, endpoint, firewall, cloud, DNS and others as needed expediently, consistently, and accurately to determine if an event is malicious
• Experience working in a Security Operation Center, security incident response teams, or in roles with security forensics or malware analysis disciplines.
• Analyze log and system data from the above list and other IT systems
• Know how to use one or more scripting tools and languages such as Python, Bash, and Power Shell
• Great writing and speaking skills
• A positive "can-do" attitude
• A willingness to learn and continuous self-improvement
• There are no specific degree or certification requirements but degrees in engineering or technology are a plus. Relevant certifications (e.g., CISSP, GIAC, CEH) are a plus.

NA