Internet Storm Center

Job Description

Responsibilities:

As a key member of a Critical Incident Response Center the Senior Analyst will investigate security alerts from multiple sources, determines their criticality and promptly apply appropriate containment and mitigation measures
Lead complex investigations working with cross-functional, geo-dispersed teams in large enterprise environments
Take ownership of alert investigations and drive them to resolution, demonstrate technical leadership and serve as a mentor to junior analysts on the team
Perform Event Monitoring and Log Analysis for all Cyber Alerts in a centralized and prioritized queue
Enrich and Correlate IOC’s from active investigations to identify other potential security incidents
Collaborate with multiple GSO teams to support their investigations as necessary
Review intel from various intelligence sources and identify any indicators of attacks that may be focused on ADP or identify any activities from threat actors that may have an interest in ADP
Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis
Conduct analysis of network events from various device types and vendors from multiple technologies and products
Capture files, artifacts, logs, registry entries or other host-based evidence
Initiate, Support and Lead various investigative incident response tasks during an incident at various stages of the incident
Document the Analysis and activities as it pertains to the alert details, the response performed for containment and remediation steps along with the supporting artifacts and evidence for justification
Facilitate the escalation process and interactions with external teams. This includes prioritizing incidents during activity time frames and including advanced teams
Assist in the development and maintenance of new processes and documentation including newly developed correlation rules to help our analysts continually improve to engage the current threats.
Utilizing the intelligence from various sources and coordinating with internal teams, help test new alert detections that support the monitoring and enforcement of the ADP security policies while helping improve existing alerts to reduce False positive rates
Manage multiple alerts and investigations simultaneously while participating in adhoc CIRC Projects and Operational Improvement activities
Participate in Purple team exercises and post-exercise activities
To Succeed in This Role:

Bachelor’s degree or equivalent.
Specialized training in information security helpful.
Security Certifications are a plus, but not required. CISSP, GSEC, GCIA, GCIH, GREM
Qualifications:

Similar Security roles with relevant analysis experience in a large corporate environment is highly recommended
6 Years combined actual Security Analysis and Incident Response Experience
Networking Skills – Strong experience in Windows and *nix environments. Excellent understanding of TCP/IP and network communications. Strong network administration skills. Packet-level behavioral familiarity with most major TCP/IP application protocols. General understanding of key components of internet architecture.
Incident Handling – Excellent computer security incident handling, analytical and communication skills. Familiarity with interpreting the log output of a wide selection of device classes including networking and host Infrastructure devices. In depth knowledge of computer security forensics and security vulnerabilities. Broad knowledge of business-impacting security scenarios and viable methods to detect these scenarios (Cross device log correlation)
Operating Systems – Strong system admin skills. Experience with multiple OS’s and versions is required.
Security Tools & Technologies – Well versed in multiple security technologies such as SIEM, DPI, GRC, Antivirus, Intrusion Detection & Prevention Systems, Cloud/AWS, EDR, XDR, UBA, Web Proxy/Content Filtering, Active Directory, PKI, Radius, RSA SecurID, MFA
Malware Analysis – Reverse-engineering and executable analysis skills. Experience in reverse-engineering script content in multiple formats. Knowledge of how to operate a debugger. Knowledge of basic packing and obfuscation techniques. Broad knowledge of data and executable file types and extracting information from them. Functional knowledge of Shellcode fundamentals
Scripting / Development – Enough SQL familiarity to generate nested queries and joins in a major SQL dialect. General experience with systems automation in a major scripting language. General knowledge of web content scripting languages. Functional experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Wiki Markup, SQL)