Cyber Incident Response Analyst 4

Randstad Technologies
Boston, MA

job summary:
Security Alert Management/Threat Hunting

Monitor and analyze network, host, cloud posture, identity, attack surface, intelligence, and email based security events and logs to identify potential security threats.

Prioritize and differentiate between potential intrusion attempts, false alarms, and risks.

Properly respond to alerts that require incident response review.

Develop and tune threat detection policies, rules, and intelligence.

Incident Response

Lead the management of complex information security incidents from triage through resolution.

Ability to manage multiple investigations concurrently.

Lead a cross-functional team of experts to resolve the incident investigation.

Provide timely and relevant updates to appropriate stakeholders and decision makers.

Conduct root cause analysis and partner with functional experts to determine the remediation path for incident resolution. Root cause analysis may include, but is not limited to, malware analysis, computer forensic analysis, log analysis, personnel interviews, and technical troubleshooting. The CIRT Analyst IV will evaluate controls at each level of security defense, from endpoint to perimeter.

Provide findings to relevant business leadership to help improve information security posture.

Validate and maintain incident response plan and playbooks to address the evolving threat landscape.

Create and maintain strong relationships with key partners in the incident response ecosystem and ensure efficient alignment during the investigation process.

Compile and analyze data for management reporting and metrics.

Provide rotational on-call support for assessing potentially critical alerts escalated by off-hours monitoring team.

Threat Management

Manage and analyze threat intelligence data received from cyber threat vendors.

Monitor information security related websites (e.g., US-CERT, SANS Internet Storm Center) and mailing lists (e.g., SANS NewsBites, etc.) to stay current on the latest malicious code trends, exploits, and malware.

Participate in working groups that assess Iron Mountain's risk posture.

Analyze the potential impact of new threats and communicate risks to relevant business units.

Develop advanced threat detection rules based on analysis of intelligence.

Qualifications

Ten or more years of technical experience in the information security field, preferably in a Security Operations Center (SOC), Network Operations Center (NOC), or Computer Emergency/Incident Response Team (CERT/CIRT).

Eight or more years of practical Cyber Incident Management and Threat Hunting experience.

Advanced knowledge of information systems security concepts and technologies, including SIEM technologies, network architecture, database concepts, intrusion detection, cloud security, endpoint detection and response (EDR), email protection, malware remediation, and computer forensic tools such as EnCase and open source alternatives.

Familiarity with security frameworks, such as NIST, and compliance standards such as HIPAA, GDPR, PCI, and FedRAMP.

Strong understanding of incident, problem, and change management is preferred.

Advanced knowledge and experience with the Windows and Linux operating systems.

Working knowledge and experience with investigating malicious code.

Demonstrated ability to apply technical and analytical skills in a security environment.

Ability to work extremely well under pressure while maintaining a professional image and approach.

Exceptional data analytics abilities; can perform independent analysis and distill relevant findings and root cause.

Strong analytical writing skills; can articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports.

Team player with proven ability to work effectively with other business units, IT management and staff, Legal, vendors, and consultants.

Strong communication skills; can plan and lead effective meetings, conduct structured interviews to collect information, and present to a variety of audiences, including key stakeholders and decision makers.

Experience in the following or similar tools: Chronicle Backstory, Crowdstrike Falcon, Prisma Cloud, Check Point Next Generation Appliances, Tenable, Tanium, Google Cloud Platform, AWS, Azure.

Working understanding of threat intelligence, SOAR, and attack surface platforms.

location: Telecommute
job type: Contract
salary: $70 - 85 per hour
work hours: 8am to 5pm
education: Bachelors


qualifications:
Education/Certifications

Bachelor's degree in information systems, computer science, or related discipline desired.

Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical and technical background will also be considered.

SANS certifications (GSEC, GCIH, GCFA, GCFR, or GCIA).


Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact [email protected].


Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Posted 2026-05-27
