Internet Storm Center

Job Description

Responsibilities:
Lead complex investigations working with cross-functional, geo-dispersed teams in a large enterprise environment.
Leverage cutting-edge technology in response to major cybersecurity incidents.
Take ownership of cybersecurity investigations and drive them to resolution.
Demonstrate technical leadership and mentor junior analysts on the team, while serving as an escalation point for high-profile incidents.
Conduct full incident response lifecycle activities during major incidents, including preparation, identification, containment, eradication, recovery, and lessons learned.
Analyze alerts, detections, firewall logs, network logs, host logs, to identify a potential cybersecurity incident and determine root cause.
Constantly seek opportunities and make recommendations to improve capabilities as well as overall security posture.
Assist in the development of incident response framework, including design and implementation of standards, procedures, playbooks, runbooks.
Collaborate with incident response stakeholders across the company.
Correlate incident data to identify specific vulnerabilities and make recommendations that enable remediation.
Determine the extent of threats and recommend courses of action or countermeasures to mitigate risks.
Perform initial, forensically sound collection of images / evidence and inspect to discern possible mitigation/remediation on enterprise systems.
Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis.
Review threat intelligence from various intelligence sources and identify any indicators of attacks or compromise that may be focused on ADP or identify any activities from threat actors that may have an interest in ADP.
Provide recommendations to create and tune new and existing cyber alerts.
Participate and contribute to the planning and implementation of existing and future strategic projects and initiatives.

Bachelor’s degree OR equivalent.

Qualifications / Knowledge / Experience Required:
7+ years combined experience in information security, incident response, security operations, security engineering, forensics, threat management, threat hunting, or threat intelligence, with at least two years in a Security Operations Center (SOC).
Hands-on experience conducting incident response investigations utilizing commercial and open source tools, technologies and platforms, such as SIEM, SOAR, EDR, etc.
Knowledge of computer networking concepts, the OSI model, underlying network protocols (e.g., TCP/IP), network security architecture concepts including topology, components, and principles (e.g., application of defense-in-depth).
Knowledge of Windows/Unix/Linux operating system internals, services and ports.
Knowledge of specific operational impacts of cybersecurity lapses.
Ability to manage multiple tasks and projects while troubleshooting complex problems with minimal oversight.
Knowledge of current cyber threats, adversary tactics, techniques, and procedures (TTPs), such as the MITRE ATT&CK framework, mitigation techniques, and evolving security technologies.
Ability to work under pressure during active cyberattacks.

Qualifications / Knowledge / Experience Preferred:
CISSP, SANS/GIAC or other related security certifications.
Understanding of malware functionality and persistence mechanisms. Experience performing malware analysis.
Experience conducting investigations in Cloud environments (AWS, Axure or GCP).
Experience performing Threat Hunting to uncover malicious activity that evades existing security controls.
Experience leveraging PowerShell, Python or BASH scripting for automation, alert enrichment or investigations.
Exposure to other major areas of Information Security, such as Vulnerability Management and Remediation, Application Security, Identity and Access Management, GRC, Penetration Testing/Red Teaming.
Experience with various databases and query languages