FreshRemote.Work

Senior Incident Response Analyst-Hybrid

USA - New Jersey - Rahway, United States

Job Description

The Senior Incident Response Analyst will be a member of our Cyber Fusion Center Team and support our Incident Response function. This position will respond to and remediate advanced cybersecurity incidents, including application and network-based threats.

They will work with our business stakeholders and intelligence, analytics, and engineering teams to assist in improving incident response processes in the cloud, OT, and other environments.

This position will be a hybrid working environment with a mix of remote and on-site work.

Key Responsibilities:

  • Lead cyber security incidents and perform investigation, containment, and remediation efforts.

  • Provide guidance to first-level responders for handling cyber security incidents.

  • Develop new incident response use cases and create threat detection logic, rules, and alerting in our SIEM (Security Information and Event Management) tool for response by IR analysts.

  • Work with security and data analytic engineering teams to identify and recommend new internal and external data sources to develop additional threat detection logic.

  • Analyze threat information gathered from logs, Intrusion Detection Systems (IDS), intelligence reports, vendor sites, and a variety of other sources and recommend rules and other process changes.

  • Create, review, and update standards, baselines, standard operating procedures, and runbooks for the function, especially in the cloud and OT environments.

  • Identify and develop workflow automation to lower response time and eliminate lengthy procedures during incident investigations.

  • Conduct timely evaluations of incident response tickets within a defined review process, providing in-depth analysis, actionable insights, and guidance to improve response and enhance overall incident management effectiveness.

Education:

  • Bachelor's degree in computer science, information systems, or related field.

Required Experience and Skills:

  • Minimum 5 years of experience in incident response, preferably in a pharmaceutical, biotechnology, or other regulated environment

  • Advanced knowledge of security technologies, such as SIEM, EDR tools, host and network security tools, and vulnerability management tools

  • Advanced understanding of cloud environment configurations, including Azure and AWS infrastructure

  • Experience with common attack vectors, including those used by advanced adversaries (nation-state or financially motivated)

  • Knowledge of common web application attacks, including SQL injection, cross-site scripting, invalid input handling, and forceful browsing

  • Ability to independently perform analytical activities, pay close attention to detail for assigned tasks, apply critical thinking skills, and to learn and adapt quickly in a fast-paced environment

  • Strong written communication skills

Preferred Experience and Skills:

  • Cybersecurity Certifications (Offensive Security, SANS, etc.)

  • Experience working with cyber security tools, including endpoint detection and response (EDR), intrusion detection, and intrusion prevention systems

  • Experience developing detection logic for …
