
SANS ISC: InfoSec Jobs


Incident Response & Forensic Analyst
Company Precision Castparts Corp.
Location US
Preferred GIAC Certifications GCIH, GCFE, GCFA
Travel 5%
Salary Not provided
Contact Name PCC
Contact Email clorell2/at/
Expires 2022-05-23

Job Description

The Forensic and Incident Response Analyst will investigate cybersecurity and computer network related incidents at tier 2 and tier 3. The position performs daily incident response triage and communicates findings to the appropriate parties as needed.

Primary Duties and Responsibilities:
• Enhance security operations, analytics, threat hunting and security orchestration and automation capabilities.
• Perform daily incident response triage, which may include working 2nd or 3rd shift and weekends when necessary. This includes using complex analytics to correlate information from multiple sources in order to detect advanced threat actions.
• Keep up to date on the latest security whitepapers, incidents, tools, and tactics for defending against advanced threats, and attend security conferences.
• Forensic Analyst team members shall fulfill additional duties as directed by the Lead Forensic Analyst and the Director of Cyber Security.
Experience and Education:
• 4+ years of related work experience (IT/Cyber Security)
• Bachelor’s degree required
• Degree must be in a relevant field (e.g., IT, Computer Forensics, Computer Science, Computer Engineering, Information Security, Information Assurance, or related degree)
• 3+ years of experience working in an operational environment (SOC, NOC, Operations Center)
• One or more of the following certificates are required: GCIH, AWS Security Specialist, Azure Security Engineer Associate, GSFE, GCFA, GCED, CHFI, ECIH, ECSS, CISSP, CCFP
Required Skills:
• Skills in collecting and analyzing cloud forensic artifacts.
• Ability to program in Python is preferred.
• Must demonstrate a strong ability to detect threat activity.
• Knowledge of the latest cyber threats and of the tactics, techniques, and procedures used to infiltrate computer networks.
• Demonstrated ability to document incident reports.
• Strong analytical skills and attention to detail.
• Knowledge of cloud security tools and cloud-native forensic artifacts for Azure and AWS.
• Knowledge of the Windows file system, registry functions, and memory artifacts.
• Knowledge of TCP/IP communications and common protocols and applications, including DNS, HTTP, and SMB.
• Demonstrated Linux administration experience.
• Strong background with SIEM and analytics.
• Experience with a variety of logs and telemetry, including AV, web server, SIEM, etc.
• Hands-on experience with information security tools, such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices.