Job Summary:
The Cyber Security Incident Response Specialist will investigate, report, and respond to cyber incidents. This position will maintain cybersecurity monitoring operations and perform cyber event/incident triage to determine the scope, urgency, and potential impact of the event/incident. The Cyber Security Incident Response Specialist identifies key vulnerabilities and makes recommendations for remediation. They proactively search for threats using a variety of tools and techniques, including all available intrusion detection systems (IDS), host endpoint detection and response capabilities (EDR), security information and event management platforms (SIEM), etc. This position is responsible for documenting all activities that occurred during the incident, using a time-based sequence of events that serves as part of an incident root cause analysis (RCA). The Cyber Security Incident Response Specialist will develop and maintain thorough, up-to-date knowledge of cybersecurity threats and incident response best practices.
Responsibilities:
Performance Outcomes
Technical Skills & Tool Mastery
- Quickly understand and utilize the company’s SOC technologies, including but not limited to a Security Information and Event Management (SIEM) platform, Intrusion Detection System (IDS), Endpoint Detection & Response (EDR) solution, and insider threat tooling.
- Ability to quickly learn the SIEM solution and create and/or customize dashboards to make the best use of data.
Incident Response & Threat Management
- Act as an internal expert on matters relating to intrusion detection and incident response (IR).
- Respond to security events and threats from alerting, escalations, and other sources. Be responsible for running security incident response activities – triage through recovery/closure.
- Lead complex investigations and conduct deep analysis of security events, across various company security platforms, focused on rapid containment and remediation.
- Perform Threat Hunting activities when not involved in IR activities.
Collaboration, Reporting, & Continuous Improvement
- Work closely with the security team to improve monitoring, detection, tooling, and integrations.
- Track industry cybersecurity attacks and vulnerabilities and work proactively to address cyber risks (think SolarWinds, Log4j, etc.).
- Provide high quality written and verbal reports, as required.
Education, Knowledge, and Experience
- 3+ years of Security Operations Center (SOC) and Incident Response (IR) experience.
- Understands threat analysis models like MITRE ATT&CK Framework and the Cyber Kill Chain.
- Experience with a variety of operating systems and the threats that target them, including Windows, Linux, and macOS.
- Cloud security experience – AWS and Office365.
- Experience with querying across large data sets to understand complicated and difficult-to-solve problems – this is critical to leveraging the various SOC technologies.
- Excellent verbal/non-verbal communication skills with proficient ability to deliver technical information to non-technical staff.
- Sumo Logic SIEM experience a plus.
FLSA Status
Exempt.
Physical Requirements/ Work Environment
The work environment characteristics and physical demands described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Additional Information:
Location:
Remote Job Posting
Department:
9312 Information Technology
Time Type:
Full time
Commitment to Equal Opportunity
PPLSI conforms to all the laws, statutes, and regulations concerning equal employment opportunities. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, and basis of disability or any other federal, state or local protected class. We prohibit retaliation against individuals who bring forth any concerns, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any concerns or otherwise oppose discrimination.
If you require a reasonable accommodation to complete the application process, please contact Human Resources at: humanresources@legalshieldcorp.com.