Happiest Minds Technologies
Website: happiestminds.com
Job details:
Position Title: Incident Response Analyst
Location: Remote
Schedule: Training for 2-3 months, during which the working hours are 8AM-5PM CST (7:30PM-4:30AM IST).
Once training is complete, one of these shifts:
- Midnight to 9AM CST (10:30AM to 7:30PM IST) + on-call rotation from 8AM CST to 8AM CST the next day
- Weekends: 2 hours checking mail for alerts
- 6/7PM to 3/4AM CST (4:30/5:30AM to 1:30/2:30PM IST) + on-call rotation
Zscaler, ServiceNow, SIEM and CS alerts are all to be analyzed; the role is an individual contributor.
Ticket volume: 2000 tickets.
Level: SOC Analyst 2.
IR: 1 resource needed; requires SIEM use case development and rule-writing skills.
Duration: Full-Time
Company Background
Ascend Learning, LLC (www.ascendlearning.com) is a global leader providing online education, assessment, remediation, certification, and e-learning solutions for the post-secondary academic market specifically serving the nursing, allied health, sports medicine, public safety, and the financial services industries. Ascend employs more than 900 employees in 35 states. Ascend's portfolio companies consist of Jones and Bartlett Learning, ATI Nursing Education, the National Healthcare Association, ExamFX, the National Academy of Sports Medicine, Boston Reed, Advanced Informatics, and ClickSafety.
We are looking for a confident person who does not get nervous easily. This is a very critical and technical role; we expect this person to walk in the door and be able to respond to security alerts and investigate events, attacks, and activity.
Required Skills
- Extensive experience with all phases of incident response. Five (5) years+ experience performing complex incident investigations including triage, containment, eradication, evidence collection, after-action reporting, and documentation.
- Five (5) years+ experience performing in-depth analysis of security logs and telemetry from a diverse range of sources, including endpoint, network, cloud, and e-commerce systems to identify and contain Security Incidents.
- Strong experience & skills performing incident triage and investigating attacks, malware, and suspicious activity at a process, command, and code-level.
- Mastery of Network (TCP/IP), Linux, or Windows OS server infrastructure
- Technology experience 10+ years, 6+ years of information security
- Excellent English communication skills (written, verbal, and comprehension)
- Ability to work in an on-call rotation that covers a one-week period after normal business hours and on weekends. This requires after-hours work and being logged in and online within 15 minutes for emergency page-outs.
- Confident, energetic, driver, leader mentality
- Extremely detail-oriented
- Passionate about information security
- Good Judgement
- Proactivity
- Advanced problem solver
Experience
- Cybersecurity expertise in incident response, monitoring and responding to security events and incidents using established processes, creating processes and procedures where none are already established.
- Experience with artifact identification outside of cybersecurity tools such as log analysis, malware detonation, and endpoint memory analysis.
- Mastery of one or more of the following: SIEM, Firewalls, IDS/IPS, EDR, Proxy, AV, DLP, UEBA, Malware sandboxing and reverse engineering, or Cloud Security.
- Familiarity with common and emerging cyber-attack techniques, TTPs, and IOCs.
- Working in a SOC or providing incident support for a security team
- Leading multi-team incident investigations (must be comfortable in a facilitation role)
- Experience identifying and mitigating web application attacks, C2 beaconing, and/or DLP/Data Exfiltration.
- Log/protocol analysis, writing RegEx, and experience efficiently analyzing and sifting through thousands of logs to quickly pinpoint/identify suspicious activity.
- Experience with searches in a SIEM (like QRadar or Splunk) and/or an EDR (like Carbon Black, CrowdStrike Falcon).
- Threat hunting in core security tools
Tool Experience
- SIEM (QRadar, Splunk, Google SecOps, etc.)
- Google SecOps, DataDog and/or CrowdStrike Raptor query languages
- Packet/Protocol Analyzers (Wireshark, Fiddler, NetWitness Investigator, NetFlow Analyzer, etc.)
- Memory Analysis Tools (Memoryze, FTK Imager, DumpIt, WinPmem, etc.)
- Regex