Job Summary: 

• Protect the organization’s IT assets as a member of the Cybersecurity Operations Center (CSOC).
• Review daily cyber events to identify risk indicators and reduce gaps in network and host security controls.
• Follow CSOC processes to interpret, triage, and escalate endpoint and network threat detections.
• Collaborate with IT Ops and end users to improve security posture and support incident response (IR) decisions.
• Prepare CSOC reports documenting IT incidents from discovery to remediation.
• Advise leadership on strategies to improve security operations and proactively thwart intrusion attempts.
• Support vulnerability and cyber risk management functions by continually monitoring and mitigating IT threats.
• Test and evaluate technology solutions in preparation for small- and large-scale deployments.
• Work with a diverse team of security professionals to address complex issues and tasks in a fast-paced environment.
• Fulfill periodic on-call responsibilities.

Skills on Resume: 

• Cyber Threat Analysis (Hard Skills)
• Incident Response (Hard Skills)
• Network Security Monitoring (Hard Skills)
• Vulnerability Management (Hard Skills)
• Report Documentation (Hard Skills)
• Collaboration (Soft Skills)
• Problem Solving (Soft Skills)
• Adaptability (Soft Skills)

Job Summary: 

• Respond immediately to possible security breaches.
• Use various computer forensic tools proficiently.
• Obtain and maintain a security clearance.
• Perform effectively in high-stress environments.
• Stay abreast of cutting-edge attack vectors.
• Actively monitor systems and networks for intrusions.
• Identify security flaws and vulnerabilities.
• Perform security audits, network forensics, and penetration testing.
• Conduct malware analysis and reverse engineering.
• Develop response procedures for security problems.
• Establish internal and external communication protocols during security incidents.
• Produce detailed incident reports and technical briefs for management, administrators, and end-users.
• Liaise with other cybersecurity and risk assessment professionals.

Skills on Resume: 

• Incident Response (Hard Skills)
• Forensic Tools (Hard Skills)
• Security Clearance (Hard Skills)
• Stress Management (Soft Skills)
• Threat Intelligence (Hard Skills)
• Network Monitoring (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Team Collaboration (Soft Skills)

Job Summary: 

• Monitor and respond to security events and incidents using established processes, creating processes and procedures where none exist.
• Detect and assess threats to computer networks and assets.
• Review incident data, provide root cause analysis, and recommend actions to prevent future occurrences.
• Serve as a Subject Matter Expert (SME) in cybersecurity architecture, engineering, and policy.
• Support critical assessment of proposed system changes and configuration changes for weaknesses and opportunities for improvement.
• Perform deep packet inspection, review system logs, and correlate network data to identify security incidents.
• Search for threats and malware that alarms miss, and develop indicators and tripwires to improve detection and prevention capabilities.
• Build and prepare executive dashboards to communicate risks and incidents across the organization.

Skills on Resume: 

• Incident Management (Hard Skills)
• Threat Detection (Hard Skills)
• Root Cause Analysis (Hard Skills)
• Cybersecurity Expertise (Hard Skills)
• System Assessment (Hard Skills)
• Packet Inspection (Hard Skills)
• Threat Hunting (Hard Skills)
• Risk Reporting (Hard Skills)

Job Summary: 

• Triage and assess security concerns, develop remediation plans, and drive security incidents to resolution.
• Respond to intrusion attempts, identify the full scope of impact, and determine the attack vector.
• Manage various communication streams, including cross-company and executive communications.
• Facilitate post-incident reviews, document root causes, and work with impacted teams to address resolution actions.
• Collaborate with Oracle operations, engineering, and partner security teams during all phases of the incident response lifecycle.
• Develop and maintain incident response procedures and runbooks.
• Develop scripts and processes to improve detection capabilities and automation.
• Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on their need and usefulness.
• Support other security functions and teams to ensure holistic implementation of security controls, technologies, practices, and programs.

Skills on Resume: 

• Incident Triage (Hard Skills)
• Intrusion Analysis (Hard Skills)
• Communication Management (Soft Skills)
• Post-Incident Review (Hard Skills)
• Team Collaboration (Soft Skills)
• Response Procedures (Hard Skills)
• Security Automation (Hard Skills)
• Threat Research (Hard Skills)

Job Summary: 

• Detect and respond to IS/IT security threats within global corporate landscapes, including production, development, and datacenter environments.
• Execute incident response plans, identify root causes, and drive mitigations to prevent future occurrences.
• Operate across necessary technologies to identify and respond to IS/IT threats, including SIEM, Elastic Security, and SOAR Palo Alto XSOAR.
• Request necessary actions from other IT teams and follow up upon execution.
• Participate in projects that improve intrusion detection and incident response capabilities.
• Contribute to the creation and improvement of incident response procedures and remediation workflows, including automation, context, and orchestration as code.
• Assist in the creation and improvement of security detection rules on the SIEM.
• Serve as part of the first line of defense, handling active security events and cutting-edge threats from multiple sources as part of a 24/7 on-call rotation.

Skills on Resume: 

• Threat Detection (Hard Skills)
• Incident Response (Hard Skills)
• SIEM Operations (Hard Skills)
• Cross-Team Coordination (Soft Skills)
• Detection Improvement (Hard Skills)
• Response Procedures (Hard Skills)
• Rule Development (Hard Skills)
• On-Call Support (Soft Skills)

Job Summary: 

• Develop operational procedures to implement and continually improve the incident response process.
• Monitor security alerts within the tech stack and investigate potential security incidents.
• Analyze alerts to classify and assess impact, manage high-priority incidents, communicate with the business, and facilitate root cause analysis and resolution.
• Perform cyber security investigations as part of incident analysis.
• Coordinate with other departments on remediation tasks and escalate unresolved incidents.
• Perform post-mortem analysis to identify root causes and design controls or measures to prevent future incidents.
• Write comprehensive investigation reports capturing investigation details and root cause analysis aligned with modern Tactics, Techniques, and Procedures (TTPs).
• Collaborate with content production for security awareness.

Skills on Resume: 

• Incident Response (Hard Skills)
• Security Monitoring (Hard Skills)
• Alert Analysis (Hard Skills)
• Cyber Investigation (Hard Skills)
• Cross-Department Coordination (Soft Skills)
• Root Cause Analysis (Hard Skills)
• Report Writing (Hard Skills)
• Security Awareness (Soft Skills)

Job Summary: 

• Serve as incident response technical lead for high-impact cybersecurity incidents.
• Evaluate events, escalations, and incidents to determine remediation and resolution actions.
• Coordinate response activities across teams or directly with partners to address potential threats.
• Update playbooks to improve processes and enhance information sharing across teams.
• Provide knowledge sharing, mentoring, and support to junior team members.
• Work with the internal red team to test process development and effectiveness.
• Review logs and events from IDS, SIEM, WAF, and NG Firewall/Web Proxy.
• Identify and detect Indicators of Compromise within the corporate network and infrastructure.
• Participate in the on-call team responsible for detecting and responding to cybersecurity incidents.
• Help maintain the Secure Systems Development Life Cycle across all stages.

Skills on Resume: 

• Incident Leadership (Soft Skills)
• Incident Analysis (Hard Skills)
• Cross-Team Coordination (Soft Skills)
• Playbook Development (Hard Skills)
• Mentoring Juniors (Soft Skills)
• Red Team Collaboration (Hard Skills)
• Log Analysis (Hard Skills)
• Threat Detection (Hard Skills)

Job Summary: 

• Handle incident response activities before, during, and after incidents.
• Act as the central point of contact during incidents.
• Draft, review, and communicate post-mortem reports to stakeholders.
• Lead internal investigations in accordance with established policies.
• Leverage legal, compliance, and privacy experts to consult and advise on regulatory aspects of incidents.
• Participate in implementing a complete set of incident response workflows, including automation and vulnerability response.
• Identify, investigate, and respond to different attacks, including malware analysis, host forensics, and packet analysis.
• Minimize the chances of security breaches through computer networks.
• Provide consulting and advice to internal and external stakeholders.
• Maintain a strong security structure and develop incident response plans.

Skills on Resume: 

• Incident Response (Hard Skills)
• Crisis Communication (Soft Skills)
• Report Writing (Hard Skills)
• Investigation Leadership (Soft Skills)
• Regulatory Knowledge (Hard Skills)
• Workflow Implementation (Hard Skills)
• Attack Analysis (Hard Skills)
• Security Planning (Soft Skills)

Job Summary: 

• Drive resolution efforts for major incidents impacting service availability across multiple product offerings, including Online and Mobile banking.
• Lead incident bridge calls with participants across multiple technical and business teams.
• Engage appropriate resolver teams to support incident resolution.
• Provide status updates to internal and external stakeholders.
• Capture documentation of ongoing actions and events throughout incidents.
• Perform post-incident activities in close coordination with technical and operational teams, and write and distribute Root Cause Analysis reports.
• Collaborate across business and technology organizations to improve processes and procedures for effective incident coordination.
• Maintain operational readiness to conduct consultation calls and provide clients with accurate advice.
• Engage with client teams to review documentation and provide constructive, meaningful feedback and analysis.

Skills on Resume: 

• Incident Resolution (Hard Skills)
• Bridge Facilitation (Soft Skills)
• Team Engagement (Soft Skills)
• Status Communication (Soft Skills)
• Incident Documentation (Hard Skills)
• Root Cause Analysis (Hard Skills)
• Process Improvement (Soft Skills)
• Client Consultation (Soft Skills)

Job Summary: 

• Lead incident response for high-impact cybersecurity incidents.
• Triage events, escalations, and incidents to determine remediation and resolution actions.
• Perform analyses on hosts running across various platforms and operating systems.
• Analyze logs and artifacts from multiple sources (host/network alerts, host logs, network traffic logs, malicious files, registry, filesystems, etc.) to identify threats.
• Perform real-time threat hunting and incident handling, including data collection, intrusion correlation and tracking, threat analysis, and system remediation.
• Leverage tools such as Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and Bro to conduct cyber incident response analysis.
• Utilize data analytics tools such as Splunk to interpret machine data for threat hunting and incident response missions.
• Collect intrusion artifacts and apply findings to enable mitigation across the enterprise.
• Track and document hunts and incidents from initial detection through final resolution.

Skills on Resume: 

• Incident Response (Hard Skills)
• Event Triage (Hard Skills)
• Host Analysis (Hard Skills)
• Log Analysis (Hard Skills)
• Threat Hunting (Hard Skills)
• Forensic Tools (Hard Skills)
• Data Analytics (Hard Skills)
• Incident Documentation (Hard Skills)

Job Summary: 

• Respond to and investigate internally and externally driven incidents.
• Proactively hunt for threats and initiate incident response steps for discovered anomalies.
• Work closely with information security leadership and business stakeholders as part of a team of responders.
• Document and communicate incident details from initial investigation through closure and post-mortem.
• Perform digital forensics on laptops, desktops, and mobile devices.
• Maintain the chain of custody and verify evidence is preserved and has not been tampered with.
• Execute in all phases of the Incident Response Lifecycle (supporting recovery).
• Document and communicate security findings, prioritize key risks to Amtrak, and recommend solutions.
• Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders.
• Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercises, to identify potential future incidents.
• Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment with industry best practices.
• Remain current and aware of relevant cyber events.

Skills on Resume: 

• Incident Investigation (Hard Skills)
• Threat Hunting (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Incident Communication (Soft Skills)
• Digital Forensics (Hard Skills)
• Evidence Preservation (Hard Skills)
• Incident Lifecycle (Hard Skills)
• Policy Development (Hard Skills)

Job Summary: 

• Provide analysis and trending of security log data from enterprise security devices and systems.
• Support Incident Response (IR) when analysis confirms a security incident to help contain and eradicate threats.
• Perform incident triage, incident response, and forensic investigations across endpoints and cloud environments.
• Conduct technical examinations of computer-based evidence, including logs, packet captures, SIEM and IDS events, disk forensics, malware analysis, and more.
• Document incidents from initial detection through final resolution and present the findings.
• Assist with threat and vulnerability analysis, monitoring, and mitigation.
• Investigate, document, and report on information security issues.
• Coordinate with Cyber Intel analysts on open and closed source activities impacting the Company.
• Integrate and share information with other analysts and teams.
• Work with SIEM administrators to build detections that proactively identify real-world threats across a broad range of technologies and log sources.
• Assist with the creation and maintenance of standard processes, operating procedures, and incident response playbooks.
• Work in a hybrid managed services environment utilizing various partners.

Skills on Resume: 

• Log Analysis (Hard Skills)
• Incident Response (Hard Skills)
• Incident Triage (Hard Skills)
• Forensic Investigation (Hard Skills)
• Incident Documentation (Hard Skills)
• Threat Mitigation (Hard Skills)
• Intel Collaboration (Soft Skills)
• Process Development (Hard Skills)

Job Summary: 

• Monitor all operations, networks, and infrastructure for security issues and investigate incidents.
• Quickly classify incidents and begin the necessary course of action.
• Monitor internal and external policies for compliance.
• Develop security standards and best practices for the organization.
• Plan and execute the organization’s Incident Response (IR) plan.
• Create and direct security information assurance for the organization.
• Provide support for complex computer network exploitation and defense techniques, including deterring, identifying, and investigating intrusions.
• Prepare reports documenting security incidents and the extent of the damage caused.
• Provide technical support for a comprehensive risk management program by identifying mission-critical processes and systems, current and projected threats, and system vulnerabilities.
• Research the latest information technology (IT) security trends.
• Review logs to perform high-level forensics.
• Drive lessons learned and remediation activities throughout the organization.
• Recommend security enhancements to management or senior staff.

Skills on Resume: 

• Security Monitoring (Hard Skills)
• Incident Classification (Hard Skills)
• Policy Compliance (Hard Skills)
• Security Standards (Hard Skills)
• Incident Response (Hard Skills)
• Information Assurance (Hard Skills)
• Risk Management (Hard Skills)
• Forensic Reporting (Hard Skills)

Job Summary: 

• Handle day-to-day operations to monitor, identify, triage, and investigate security events from various Endpoint (EDR), Network, and Cloud security tools, detect anomalies, and report remediation actions.
• Analyze firewall logs, server logs, and application logs to investigate events and incidents for anomalous activity and produce reports of findings.
• Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents.
• Create and maintain process tools and documentation.
• Perform all stages of incident response from detection to postmortem.
• Collaborate with stakeholders to build and improve the Security Orchestration Platform.
• Document incident notes clearly in the case management solution.
• Perform basic forensics and malware analysis based on playbooks and procedures.
• Maintain a high level of confidentiality and integrity.

Skills on Resume: 

• Event Monitoring (Hard Skills)
• Log Analysis (Hard Skills)
• Incident Containment (Hard Skills)
• Process Documentation (Hard Skills)
• Incident Response (Hard Skills)
• Platform Improvement (Soft Skills)
• Malware Analysis (Hard Skills)
• Confidentiality Maintenance (Soft Skills)

Job Summary: 

• Triage incidents to closure that arise from various sources to protect ASOS customers, employees, and the brand.
• Cross information from different security controls and collaborate with relevant teams and third parties to run analyses that achieve accurate findings.
• Run thorough internal investigations of insider threats, working on cases of attempted complex fraud or criminal activity in conjunction with the Physical Security and Fraud teams, while collecting digital evidence applicable for prosecution in court.
• Deliver detailed, constructive, and formatted IR reports documenting detection and response requirements for internal stakeholders, external authorities (ICO, NCSC, NCA, etc.), and auditors.
• Continuously reduce time to Detection, Response, and Mitigation (TTD, TTR, TTM).
• Research new detection rules for emerging threats and constantly improve current detection rules for known threats to capture attack mutations across multiple security controls.
• Devise response procedures to mitigate and contain detected cyber-attack vectors across multiple security controls.
• Support mitigation and containment of extended cyber incidents outside of working hours.
• Drive implementation of post-incident actions and lessons learned to prevent recurring attacks.

Skills on Resume: 

• Incident Triage (Hard Skills)
• Cross-Team Collaboration (Soft Skills)
• Insider Investigation (Hard Skills)
• IR Reporting (Hard Skills)
• Detection Improvement (Hard Skills)
• Threat Research (Hard Skills)
• Response Procedures (Hard Skills)
• Post-Incident Actions (Hard Skills)

Job Summary: 

• Serve as technical lead on incidents by acquiring and conducting deep-dive analysis of artifacts such as logs, memory, and system data with various tools to determine the extent of a compromise and attacker activity.
• Complete response activities across all incident management phases from identification through lessons learned.
• Conduct analytics during and after incidents to determine root causes and recommend proper mitigation for future cybersecurity events.
• Maintain current knowledge of attacker tools, techniques, and procedures, and provide technical summaries and briefs to Security Leadership.
• Participate in threat intelligence processes and attack research by pivoting on IOCs and TTPs and leveraging multiple technologies to detect undiscovered threats.
• Proactively protect the organization from credible attacks by owning and driving the implementation of mitigating controls.
• Investigate alerts, anomalies, errors, intrusions, and malware for evidence of compromise.
• Ensure compliance with incident SLAs and report KPIs to stakeholders.
• Assist and mentor Incident Response Analysts by providing internal training sessions on technical response capabilities and actions.

Skills on Resume: 

• Artifact Analysis (Hard Skills)
• Incident Management (Hard Skills)
• Root Cause Analysis (Hard Skills)
• Threat Intelligence (Hard Skills)
• Attack Research (Hard Skills)
• Mitigation Controls (Hard Skills)
• Alert Investigation (Hard Skills)
• Analyst Mentoring (Soft Skills)

Job Summary: 

• Preserve and analyze data from diverse digital sources, including laptop and desktop computers, servers, networks, and mobile devices.
• Form and articulate expert opinions based on findings.
• Apply deep technical knowledge of methods utilized for evidence collection, maintenance of the chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
• Utilize expert knowledge of forensic file systems and memory techniques, and the most commonly used toolsets.
• Apply strong knowledge of incident response, forensics, and investigation processes.
• Work with Windows and UNIX-based operating systems.
• Analyze IP protocols and perform protocol analysis utilizing tools such as Wireshark.
• Collaborate with the SOC in the development and implementation of monitoring security events for anomalies and the detection of security incidents.
• Develop strong working relationships with stakeholders from a variety of teams.
• Plan, conduct, review, and perform integration testing of the responsible deliverables for environment changes.
• Create scripts and integrations with other IT security tools to ensure full investigations and efficient incident response.

Skills on Resume: 

• Digital Forensics (Hard Skills)
• Expert Reporting (Hard Skills)
• Evidence Handling (Hard Skills)
• Forensic Tools (Hard Skills)
• Incident Investigation (Hard Skills)
• OS Proficiency (Hard Skills)
• Protocol Analysis (Hard Skills)
• Stakeholder Collaboration (Soft Skills)

Job Summary: 

• Perform incident response duties within the client’s Security Operations Center.
• Work alongside customer employees to react to pending, discovered, or actual incidents, remediate threats immediately.
• Communicate with stakeholders according to the incident threat checklist.
• Document findings within After Action Reports while logging the incident and providing intelligence gathered throughout the incident lifecycle.
• Collaborate with specialized cybersecurity professionals who perform intelligence and threat-based security assessments on critical systems, major applications, and networks to identify risks and brief system owners on potential mission impacts.
• Apply and understand a wide range of technical principles, theories, and concepts.
• Analyze potential attack vectors, loss conditions, and unacceptable loss consequences, and propose mitigation approaches.
• Research and develop unique, cutting-edge technical capabilities and processes for understanding, assessing, and analyzing system and technology resilience and security.
• Create, modify, or assist with authoring scripts to automate repetitive tasks and free up time for advanced investigations and other projects.

Skills on Resume: 

• Incident Response (Hard Skills)
• Threat Remediation (Hard Skills)
• Stakeholder Communication (Soft Skills)
• After Action Reporting (Hard Skills)
• Risk Assessment (Hard Skills)
• Attack Analysis (Hard Skills)
• Process Development (Hard Skills)
• Scripting Automation (Hard Skills)

Job Summary: 

• Capture and perform initial analysis on volatile data, log data, and captured network traffic data.
• Identify immediate intrusion-related artifacts to enable the implementation of defensive countermeasures.
• Develop procedures or scripts to identify such data.
• Coordinate the shipment of original forensic evidence (hard drives, USB drives, etc.) for forensic imaging immediately after volatile data capture or system power-down, in conjunction with approved requests.
• Send individual files identified or suspected of being malicious by e-mail in approved formats to the designated distribution list for automated malicious code analysis and/or static, dynamic, or reverse engineering analysis by malware analysts.
• Work and interact with other DCO professionals, internal and external to the organization, as well as with Law Enforcement, Counter-Intelligence LNOs, and intelligence professionals, as a technical specialist to understand higher-level adversary capabilities.
• Document, update, and enhance processes and procedures by producing training materials, standards documents, and reports.
• Coordinate appropriate response activities across teams or directly with stakeholders to rapidly remediate potential threats.
• Initiative and project-related support to provide Security Operations and Incident Response perspective and subject matter expertise.

Skills on Resume: 

• Data Analysis (Hard Skills)
• Intrusion Detection (Hard Skills)
• Script Development (Hard Skills)
• Evidence Handling (Hard Skills)
• Malware Submission (Hard Skills)
• Law Enforcement Collaboration (Soft Skills)
• Process Documentation (Hard Skills)
• Threat Remediation (Hard Skills)

Job Summary: 

• Configure mainframe security monitoring tools and maintain documentation for response procedures.
• Work with third-party vendors and other departments to implement security monitoring solutions on mainframes and related databases.
• Mitigate and resolve security events and incidents related to the mainframe environment.
• Analyze the security impact of each request and resolve the threat.
• Implement security monitoring rules, monitor security systems, analyze events, and investigate security-related incidents related to mainframe systems and databases.
• Partner with the division and the enterprise to develop, communicate, and implement rules that meet business needs while following security administration policies and standards and limiting information security risk.
• Provide problem support within the department and partner with other members of Identity Access Management, Information Security, Information Technology, and other departments to identify and resolve security issues.
• Establish and maintain effective service relationships with business units and departments by keeping them informed of the status of their security requests and tickets, understanding their business needs, and explaining the rationale behind security policies, procedures, and monitoring.
• Identify opportunities to improve the quality, efficiency, and effectiveness of the department and processes that affect divisions and the enterprise.
• Maintain awareness of the department’s dashboard and provide suggestions to improve performance.

Skills on Resume: 

• Security Configuration (Hard Skills)
• Vendor Collaboration (Soft Skills)
• Incident Mitigation (Hard Skills)
• Threat Analysis (Hard Skills)
• Rule Implementation (Hard Skills)
• Policy Compliance (Hard Skills)
• Issue Resolution (Hard Skills)
• Service Relationship (Soft Skills)

Job Summary: 

• Leverage security technologies and tools such as SIEM, IDS/IPS, and Extended Detection and Response (XDR).
• Collaborate with the cyber intelligence team and partners to share threat intelligence and response methods, strengthen defenses, and assist in developing and improving incident response processes.
• Perform proactive analysis and reporting of cyber threats and security anomalies.
• Perform incident response and digital forensic analysis of compromised systems, identify issues, and provide remediation recommendations.
• Conduct host- and network-based forensics across Windows, Mac, and Linux platforms as well as cloud environments.
• Participate in threat hunting missions and remediate identified gaps.
• Compose and deliver Situation Reports for key stakeholders.
• Conduct tabletop exercises with MoneyGram stakeholders and recommend changes and improvements in security processes and technologies.
• Maintain documentation regarding the collection of electronic data obtained from systems in connection with discovery obligations.
• Conduct and assist with incident response by investigating, analyzing, and remediating incidents, including supporting cyber threat intelligence research.
• Mentor and coach junior team members and work effectively as part of a team unit.
• Provide on-call 24/7 support on a rotational basis.

Skills on Resume: 

• Security Tools (Hard Skills)
• Threat Collaboration (Soft Skills)
• Threat Analysis (Hard Skills)
• Forensic Response (Hard Skills)
• Host Forensics (Hard Skills)
• Threat Hunting (Hard Skills)
• Situation Reporting (Hard Skills)
• Team Mentoring (Soft Skills)

Job Summary: 

• Perform network- and host-based intrusion detection and identification, information security, privacy, and incident response and management.
• Perform incident triage to determine scope, urgency, and operational impact.
• Conduct cloud infrastructure incident response and forensics.
• Investigate suspected intrusions and suspicious activities.
• Participate in incident response tabletop exercises to validate existing processes and procedures and document lessons learned.
• Support escalations requiring advanced analytics and investigation.
• Perform threat hunting activities.
• Analyze suspicious websites, emails, and web downloads for malicious behaviors.
• Conduct forensic analysis and provide recommendations in reports on corrective actions for cyber intrusions and malware incidents.
• Utilize forensic and malware analysis tools to perform digital evidence preservation, analysis, data recovery, and documentation based on established procedures.
• Acquire full disk images, including volatile and non-volatile data.
• Perform reverse engineering of suspicious code.
• Maintain liaison and collaboration with leadership, program managers, and other designated officials in support of cyber and insider threat activities.
• Advance incident response practices through participation and improvement initiatives.
• Review log events from IDS, SIEM, WAF, NG Firewall, and Web Proxy.
• Identify and hunt for Indicators of Compromise within corporate networks and cloud environments.
• Serve as part of the on-call team responsible for detecting and responding to cybersecurity incidents.
• Help maintain secure systems development practices.

Skills on Resume: 

• Intrusion Detection (Hard Skills)
• Incident Triage (Hard Skills)
• Cloud Forensics (Hard Skills)
• Threat Hunting (Hard Skills)
• Malware Analysis (Hard Skills)
• Reverse Engineering (Hard Skills)
• Log Review (Hard Skills)
• Incident Response (Hard Skills)

Job Summary: 

• Take ownership of incidents reported to the Incident Response Team from start to finish.
• Regularly review team performance and contribute to metrics and quality assurance activities.
• Perform technical analysis for security incidents, including malware, web attacks, lateral movement, and other ad hoc issues.
• Identify and lead projects focused on improving SOC operations through technology.
• Maintain on-call availability to handle escalated events after hours and provide emergency coverage in the SOC.
• Mentor and coach SOC Tier 1 staff to enhance operations and strengthen their capabilities.
• Actively participate and provide situational leadership in incident response activities.
• Conduct technical analysis and assessments of security incidents, including malware analysis, packet-level analysis, and system-level forensic analysis.
• Collect and analyze disk and memory images to uncover information related to security incidents.
• Identify major threats targeting users or leveraging company infrastructure.
• Develop incident response plans and procedures covering identification, remediation, containment, and eradication steps.
• Perform technical cybersecurity investigations, conduct root cause analysis, and recommend mitigations for incidents, with emphasis on public cloud environments.
• Contribute to maturing the Security Incident Response process to ensure it aligns with global business needs and is applied consistently.
• Assist in creating and refining Incident Response runbooks.
• Collaborate with other CSIRT teams to drive continuous improvement of the Incident Response function.

Skills on Resume: 

• Incident Ownership (Soft Skills)
• Performance Review (Soft Skills)
• Technical Analysis (Hard Skills)
• SOC Improvement (Hard Skills)
• On-Call Support (Soft Skills)
• Staff Mentoring (Soft Skills)
• Malware Forensics (Hard Skills)
• Response Planning (Hard Skills)