The successful candidate will be responsible for handling the entire lifecycle of security incidents from detection to resolution and root cause analysis. You will be responsible for managing and escalating security incidents, in both DOL’s production and enterprise environments, in accordance with DOL’s Incident Response plan.
You will report to DOL’s Incident Response Team lead and will have scope to shape and improve Ancestry’s comprehensive incident response stack. This is a fantastic opportunity to join a team who live and breathe cyber security and to work for a company with security in its DNA.
What You Will Do:
Monitor daily intrusion prevention tools and firewall logs
Ongoing monitoring of the security of the network and associated information systems
Incident response and handling to identify and respond to network attacks, viruses, and intrusions
Review, perform risk analysis and respond to security alerts and notifications
Analyze a large volume of security event data from a variety of sources with the goal of identifying suspicious and malicious activity.
Identify, track and report network intrusions using multiple cyber technologies.
Triage and analysis of real-time data feeds (such as system logs and alerts) for potential intrusions.
Create documentation regarding the identification, analysis and remediation of security threats and incidents.
Perform follow-up analysis throughout the incident lifecycle, and complete projects and tasks associated with security monitoring, detection, and incident response.
Authoring and implementation of original detection rules for various monitoring systems on the basis of current threats and vulnerabilities.
Build and maintain custom security detection logic to analyze and correlate information to produce meaningful and actionable results.
Participation in on-call rotation to provide 24×7 incident response coverage.
Development of custom tools to detect malicious activity at the user, host, and network levels, either as stand-alone tools or as prototypes of more complex solutions.
Qualifications
Working towards a B.S. in Computer Science or related field with at least 1-2 years’ experience working on information security projects or internship.
Strongly driven by learning new technologies.
Excellent troubleshooting skills – ability to review an incident, provide a recommended action to fix the issue, and document the steps taken to achieve the resolution.
Experience with activities related to Incident Response and Intrusion Detection
Experience with industry best security TOOLS for intrusion detection
Experience in process automation in a security environment.
Ability to work both independently with little supervision as well as in a team environment
Ability to work closely with and collaborate with other security professionals to develop incident response plans and procedures.
Ability to operate effectively and efficiently in a high-demand environment.
Excellent communications skills, capable of working with cross functional technical and business teams and varying levels of management, in a professional manner.
Desire to find efficiencies and automate detection, analysis, and remediation.
Knowledge of the latest attack trends, tools and the threat landscape
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
Knowledge of common web and system security vulnerabilities and remediation techniques (OWASP top-10, etc.).
Strong understanding of Linux, Windows, or Mac system internals and security controls.
Preferred Qualifications:
Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
Knowledge of common threat hunting tools and technologies.
Familiarity with Amazon Web Services (AWS) products and security controls.
Experience with ServiceNow or other inventory/change management system a plus.
Position/Program Requirements :
Minimum Year(s) of Experience: 5
Minimum Degree Required: Bachelor’s degree
Certification(s) Preferred :- GIAC Certified Incident Handler (GCIH);- GIAC Certified Intrusion Analyst (GCIA);- GIAC Certified Forensic Analyst (GCFA);- GIAC Certified Forensic Examiner (GCFE);- GIAC Reverse Engineering Malware (GREM); and,- GIAC Network Forensic Analyst (GNFA).
Job Type: Full-time