Jobvertise
Location: US-MN-Minneapolis
L3 Cybersecurity Incident Response Engineer (Sr/Lead)
Location: Remote
Job Posting Title
L3 Cybersecurity Incident Response Engineer
Job Summary:
The person filling the position of L3 Cybersecurity Incident Response Engineer will join the Information Security, Risk and Compliance organization as part of a team focused on the ongoing development and operations of the global Cyber Fusion Center.
The L3 Cybersecurity IR Engineer will be engaged to respond to, scope, mitigate, and remediate the most complex cybersecurity incidents. They will be expected to utilize forensic methodologies to investigate potential cybersecurity incidents, to include: evidence handling/chain of custody; acquiring data remotely in a forensically sound manner; utilizing multiple artifacts to identify threat actor/malware activity; analyzing output from various technologies in order to effectively investigate potential compromise; and delivering clear written reports to the cybersecurity team.
Primary Responsibilities include but are not limited to the following:
Responsible for leading incident response and cyber forensic investigations for the most complex cybersecurity incidents, including developing a detailed case timeline tracking relevant log artifacts
Collect and investigate host-based forensic artifacts to determine threat actor and/or malware activity on a suspected compromised host
Utilize host, identity, and network artifacts to track lateral movement activity
Identify the root cause of complex cyber incidents and develop recommendations to prevent recurrence
Provide feedback to security solutions specialists on cyber defense best practices to combat dynamic cyber threats
Provide Subject Matter Expertise on relevant cyber threat actor methodologies, including recommendations for detection and prevention
Develop and review technical training materials for L1/L2 CSOC analysts
Provide guidance, training, and feedback to CSOC analysts
Basic Qualifications:
5-6 years of security experience with at least 4 of those years within cyber incident response
2 years of cyber forensic response
Expert knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence, and coordinate a unified security response
Experience using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
Experience leading technical incident response assessment during high stress crisis events
Strong knowledge of host, identity, and network artifacts utilized during IR
Strong knowledge of network protocols and ability to perform analysis of associated network logs
Fluent in speaking and writing English
Required: SANS GCFA (Certified Forensic Analyst)
C4 Technical Services