As an MDR Threat Analyst, you will work with enterprise systems, log analysis systems, and endpoint collection systems to facilitate the investigation, identification and neutralization of cyber threats
You will work alongside and contribute to a team of analysts with the objective of providing best in class monitoring, detection and response services
What you will do
Handle escalations from level I Threat Analysts - guide / advise on investigation handling
On-board and train new Threat Analysts
Participate in Security Operations process improvement and creation
Provide detection and response to security events and cyber-threats
Conduct security log management and monitoring
Maintain information security metrics
Provide assistance to core security and threat response teams
Create MDR service-related reports
Create cases for clients
Track and follow up with client through threat neutralization
Interact with clients via various mediums
Actively research recent Indicators or Compromise/Attack, exploits and vulnerabilities
Obtain metrics for reporting on threat trends, intelligence analysis and situational awareness
What you will bring
5+ years of experience working in a SOC environment or computer security team in an IT environment
Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience
Threat hunting experience preferred
Knowledge of common adversary tactics and techniques, eg, obfuscation, persistence, defense evasion, etc
Knowledge of Mitre ATT&CK framework preferred
Working knowledge of incident response procedures
Experience with SQL query construction preferred
Experience with OSQuery is a plus
Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems (eg XP, Windows 7, 2003, 2008, OS X)
Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc
Strong understanding of Windows event log analysis
Experience with enterprise information security data management - SIEM experience a plus
Programming and scripting skills - proficient knowledge of Powershell is a plus
Excellent troubleshooting and analytical thinking skills
Strong documentation and communication skills
Advanced Cyber Security certifications preferred but not required
Excellent customer service skills
Passion for all things information technology and information security
Natural curiosity and ability to learn new skills quickly
Ability to think outside the box
Innovative mindset
Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience
Willingness to work outside of standard business hours including weekends and holidays - our Managed Detection and Response is a 24X7X365 service
Must be able to thrive within a team environment as well as on an individual basis
Job Classification
Industry: IT Services & Consulting Functional Area: IT Services & Consulting Role Category: IT Security Role: Security Engineer / Analyst Employement Type: Full time