Senior Incident Response AnalystBlue Yonder is seeking a "Hands-on" Senior Incident Response Analyst (SOC) who would be responsible for threat detection, monitoring and Incident response. Looking for suitable candidates to join SOC (Security Operations Team) Tier-2 & 3, 24x7 team as Sr. Incident Response Security Analyst. The candidate will be responsible for Daily SOC Operations and security incident response. The candidate is required to work 5 days a week, which could be weekends as well. This candidate will closely be partnering with internal security teams across the world.
Responsibilities Detect and respond to cyber security threats to ensure your organization operates securely.
Partner with the existing internal SOC team across the world and keep the CISO informed about security operations.
Act as a liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies.
Develop incident management plans and procedures, surveying the networks for signs of a breach.
Coordinating and executing tabletop exercises to practice, develop plans, policies and procedures.
Perform proactive threat hunts to identify threats and assess the state of security controls.
Work with in-house red teams in order to detect offensive operations, and capture and action findings.
Proactively look for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
Drive Security Incidents end-end as Incident Responders (Asses, Triage, Communication, Remediation, Documentation)
Develop new SIEM use-cases to detect un-usual activities.
Develop Incident Response Playbooks for emerging Threats/attack types.
Work on malware analysis, Phishing email analysis, and all other alerts reported.
Document the lessons learned and improve the process.
Responsible for completing the documentation of the investigation; determine the validity and priority of the activity and escalate to senior SOC analysts or leads.
Carry out Level 3 triage of incoming issues (initial assessing the priority of the event, initial determination of incident to determine risk and damage or appropriate routing of security or privacy data request)
Provide communication and escalation throughout the incident per the SOC guidelines.
Identify and manage a wide range of threat intelligence sources to provide a holistic view of the threat landscape and filter out noise to focus and execute upon actionable intelligence.
Leading the development of actionable use cases to detect, triage, investigate and remediate based on latest threat actor trends, support teams with the technical implementation of parsing log sources creating, validating and testing alerting queries to reduce false positives.
Ensure that all security events and incidents (internal / external) are logged into ServiceNow and regularly updated and closed within the set SLAs
Qualifications At least 3-6 years of proven experience in Security incident response and SOC Operations
Practical experience with threat detection, monitoring and incident response and implementation
Ability to query and write detection rules, in Security tools, (i.e., SIEM (Qradar / Splunk), SOAR, WAF, AV, Firewalls, Internet-facing services).
Strong technical understanding of network/OS fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS
Experience conducting technical analysis of security events including Malware analysis, Phishing, and digital forensics.
Strong written and oral communication skills.
Experience in investigating security issues and / or complex operational issues on Windows and Linux
Knowledge of email security threats and security controls, including analyzing email headers, Web attack, network traffic analysis using tools such as Wireshark.
Experience reviewing system and application logs (e.g., web or mail server logs)
Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
Certifications such as GCIH, GCIA, GSEC, CEH, Security+, SSCP.
Results focused and attention to detail.
Available to work outside of their shift when needed.
#J-18808-Ljbffr
