- Minimum 1-2 years' hands-on experience working in incident response and/or other IT-related fields tied to networking and enterprise information system environments.
- Bachelor's Degree in a technical discipline preferred.
- Interest in the cyber security field including a specific focus on the following domains: enterprise security defense, network and application penetration testing, and incident response.
- Basic knowledge of network protocols, enterprise architecture, and common network logging functions.
- Good written and verbal communications skills are a must.
- Ability to prioritize assignments and efforts in a complex work environment.
- Self-motivated and able to work in an independent manner.
- Must be detail-oriented and willing to learn.
- Candidates should have a basic understanding of incident response processes, network investigative techniques, and cyber security trends and issues along with SIEM and SOAR technologies and uses. Candidates should have a basic working knowledge of Fire Eye, Microsoft Defender, Splunk, Armis
- Industry certifications such as CEH, CISA, Security + are desirable
- Understand CSIRT functions and participates in the triage of cyber security events.
- Receive and analyze alerts from various sources within the enterprise and determine possible causes of such alerts.
- Triage logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application, and system logs, to identify possible threats to network security.
- Enrich security event data to streamline the incident response process using SIEM and other correlation technologies.
- Perform incident triage, documentation, and escalation of appropriate incidents to cyber security incident handlers.
- Maintain proper documentation and creation of reports
- The Cybersecurity Analyst will coordinate the preliminary response activities for cyber security incidents across the company environment.
- The successful candidate will focus on preliminary identification and analysis of potential cyber security incidents.
- The successful candidate will perform triage functions such as email review, log analysis, analysis of network traffic and endpoint systems, enrich data, and will be responsible for escalating and assigning the incidents to level two incident handlers.