Essential Job Functions
The Incident Response and Forensics Analyst I position is part of the Security Governance team and reports to the Director of Cyber Security Architecture and Forensics. The Security Governance team plays a crucial role in safeguarding the organization from cyber and physical threats while ensuring compliance with various legal, contractual, and ethical standards. By providing clear guidance on secure technology practices, actively identifying risks, and swiftly responding to threats, the team helps reduce the organization's overall risk. The Security Governance team is led by the CSO, who reports to the CAO and collaborates closely with the General Counsel.
As a member of the Cyber Security Architecture & Forensics team, the Incident Response and Forensics Analyst will have the following responsibilities across the organization:
- Threat Intelligence: Manage, create, and investigate threats to the industry, the company, or individuals using third-party threat intelligence platforms.
- Forensics: Conduct and manage investigations using standard tools such as FTK and EnCase, ensuring the integrity of evidence.
- CIRT: Serve as a core member of the Cyber Incident Response Team.
- Threat Hunting: Manage and participate in third-party Red and Purple teaming exercises.
- Investigations: Conduct investigations as directed, which may include sensitive matters, insider threats, HR-related incidents, and other non-traditional security issues.
- Second/Third Level Tech Support: Assist the Security Operations team in reviewing security events, determining root causes, and providing guidance for escalation. Availability outside of normal working hours may be required due to the nature of incidents.
- Self-manage and complete tasks within tight deadlines and sometimes outside standard procedures.
- Utilize scripting languages and data analysis software to analyze extensive logs and unstructured data, providing insights for investigations.
- Manage security incidents and conduct detailed analyses of adversary tactics and strategies.
- Lead and own tasks during incidents, including guiding teams on correct data preservation and incident response procedures.
- Assist with damage assessment and cause and origin investigations.
- Perform forensic analysis of systems and prepare comprehensive technical and investigative reports.
- Collaborate with senior team members to prepare presentation materials.
- Conduct peer reviews and condition assessments.
- Facilitate communication and coordination between internal teams and, if necessary, external resources.
- Identify cybersecurity risks, indicators of compromise, and remediation tasks.
- Assist with the remediation of findings.
- Maintain a high degree of integrity and confidentiality, adhering strictly to company policy and best practices.
Qualifications & Requirements
The preferred qualifications include a combination of experience, education, and certifications that demonstrate the candidate's ability to succeed in this role.
Experience
- At least five (5) years of experience in IT operations or engineering roles, with at least three (3) years focused on IT security, compliance, or risk management, developing and deploying security technologies, policies, standards, and procedures.
- Familiarity with industry-standard frameworks such as ISO 27001, NIST 800-53, CSF, CIS, and ATT&CK Matrix.
Technologies
- Advanced Endpoint Security
- Forensic toolkits – EnCase, FTK, or similar tools
- Agent-Based Data Loss Prevention (Host DLP)
- Application Allow/Blocklisting
- Azure IaaS & PaaS Security
- Cloud Access Security Broker (CASB)
- Cloud Security Posture Management (CSPM)
- M365 Security Suite
- Network IPS/IDS
- Next Generation Firewall
- Privileged Access Management
- SIEM
- Vulnerability Management
- Web Application Firewall (WAF)
Education & Professional Certification
- Bachelor’s degree or higher in Cyber Security or a related field is preferred.
- CISSP, CISM, and other technical certifications are preferred.
Core Skills
Communication
- Develop organizational mission, objectives, milestones, and plans with minimal supervision.
- Write independently and persuasively for business contexts.
- Articulate technical and non-technical information effectively to customers, peers, and management in both written and oral formats.
- Produce support documentation, training materials, and other communications with minimal oversight.
- Exhibit strong active listening skills.
Decision Making
- Make effective and practical decisions based on analysis, experience, and judgment.
- Provide innovative and insightful ideas.
- Understand the cross-impact on other projects or engagements.
- Determine personnel needs and staffing requirements.
Interpersonal Skills
- Effectively manage complex interpersonal issues.
- Negotiate skillfully in difficult situations with both internal and external stakeholders.
- Inspire and motivate others.
- Be recognized as a positive and motivational leader within the team.
Strategic/Change Leadership
- Develop strategies and focus on plans spanning six months to a year.
- Contribute individually or through others on complex issues or initiatives.
- Facilitate group progress on complex issues and initiatives.
Program/Project Management
- Lead complex programs that span multiple organizational units and clients.
- Interface with senior management effectively.