Incident Response Analyst Resume Samples
The Guide To Resume Tailoring
Guide the recruiter to the conclusion that you are the best candidate for the incident response analyst job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.
- Craft your perfect resume by picking job responsibilities written by professional recruiters
- Pick from the thousands of curated job responsibilities used by the leading companies
- Tailor your resume and cover letter with wording that best fits each job you apply for
Lourdes Cruickshank
95047 Hyatt Union, Boston, MA
Phone: +1 (555) 118 1481
Experience
Incident Response Analyst, Legros Inc, Boston, MA
- Manage security tools, provide system administrative support and maintain and upgrade tool sets
- Manages and executes multi-level responses and addresses reported or detected incidents
- Performs information security incident response and incident handling based on risk categorization and in accordance with established procedures
- Work with a cross-functional team, drive improvements to policies and processes within the law enforcement response team
- Coordinate with internal partners and external law enforcement agencies to provide assistance to people in crisis
- Identify incidents and make recommendations to protect the network
- Assist in the administration and integration of security tools to include new data/log sources, expanding network visibility and automation
Incident Response Analyst, Expert, Kemmer, Johnston and Nolan, Dallas, TX
- Utilizes digital forensic tools including Guidance EnCase to execute digital investigations and perform incident response activities
- Perform hunting for malicious activity across the network and digital assets
- Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
- Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
- Detonate malware to assist with threat research
- Establishes links between suspects and other violators by piecing together evidence uncovered from a variety of sources
- Establishes and maintains defensible evidentiary process for all investigations
Senior Incident Response Analyst, Reichert, Gorczany and Gleason, San Francisco, CA (present)
- Provides project support related tasks to integrate security platforms as well as ongoing tuning support for existing technology
- Maintain the security services and technologies involving the SIEM configuration & planning, and incident response
- Lead incidents, coordinating and directing multiple subject matter experts internal and external to the organization
- Specialize in network centric analysis utilizing a variety of tools and techniques such as Network Security Monitoring, log analysis, and more
- Technical leadership guiding the development and evolution of our security monitoring platform as well as detection and response procedures
- Provides Training and Mentoring of junior and mid-career team members
- Responsible for providing Security Architecture services during normal business hours
Education
Bachelor’s Degree in Computer Science, Cornell University
Skills
- Excellent oral and written communication skills and ability to present to small groups
- Professional contributor with ability to work with a team
- Provide quality customer service with excellent problem solving skills
- Strong knowledge of tools used for network security (DLP, NIPS, HIPS, AV, Firewalls, etc)
- Strong knowledge of tools used for network security (DLP, NIPS, HIPS, AV, Firewalls, Wireshark)
- Experience using IDA Pro, OllyDbg, WinDbg, or any other applicable tools for reversing compiled code
- Strong understanding of SIEM technologies
- Familiarity with basic reverse engineering principles
- Ability to influence and guide decision making in crisis moments
- Proven ability to lead and influence across and up during business impacting events
15 Incident Response Analyst resume templates
1. Incident Response Analyst Secure Works Resume Examples & Samples
- Act as a Subject Matter Expert (SME) for incident response and forensics
- Manage and perform incident response activities
- Support ongoing internal investigations and hand over legal cases to litigation team
- Perform storage forensics (for example, hard drives, phones, USB storage)
- Perform network storage forensics (for example, capturing network traffic for analysis) and perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
- Identify, collect, preserve and analyze electronic information, relevant to a case, incident or event of interest
- Establish timelines and patterns of activity of individuals and electronic devices and software
- Consult with client Legal team on privacy, policy and compliance concerns
- Documentation of actions taken for audit, regulatory and legal purposes within approved event tracking system
- Ability to deliver technical training in areas such as incident handling, event analysis and correlation, threat
2. Incident Response Analyst Resume Examples & Samples
- Conduct highly technical examinations, analysis and reporting of computer based evidence related to security incidents (intrusion artifacts/IOCs) or investigations
- Effective and secure handling of digital evidence and matter confidentiality
- Perform incident triage and handling by determining scope, urgency and potential impact thereafter identifying the specific vulnerability and recommending actions for expeditious remediation
- Ability to analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents
- Document incidents from initial detection through final resolution
- Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists to correlate threat assessment data
- Maintain and expand related information security metrics
- Bachelor’s degree in a related field or equivalent experience
- 3+ years of experience in an incident response team (CIRT) or in a computer investigative role
- At least 2 of the following industry certifications: SANS/GIAC - GCIH, GCIA, GREM, GCFE, GCFA; Other - EnCE, EnCEP, ACE, CFCE, CCE
- Confident knowledge of incident response processes (detection, triage, incident analysis, remediation and reporting)
- Demonstrated skills in digital investigations including: computer forensics, network forensics, eDiscovery, malware analysis and memory analysis
- Solid understanding of hacker techniques (TTPs) and exploits, including current security threat landscape
- Understanding of programming and scripting such as Python, Perl, Bash, PowerShell, C++
- Extensive operating system knowledge involving Windows, Mac and Linux
- Excellent verbal and written communication and interpersonal skills
- Be a self-starter, work independently and adjust to changing priorities
3. SME CND Incident Response Analyst Resume Examples & Samples
- Provide computer network defense incident response, correlation analysis, and support
- Execute, draft, edit, and maintain standard operating procedure (SOP) documentation
- Maintain the existing NSOC Incident Response SOP and its associated documentation and capabilities
- Provide coordination of significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is effected
- Provide, develop, and maintain a forensic capability to enhance response to, support of, and investigation into significant network incidents
- Provide support for the NSOC’s Incident Response 24x7 support capability during non-core business hours consistent with CNDSP requirements as needed
- Provide network forensics support
- Active high level security clearance
- Technical Training in Information Assurance, Information Technology, Medical Systems, Network Design, Strategic Planning, and/or HIPAA law
- 18+ years of hands-on experience with Information Technology, to include three of the following areas: Program Management and Strategic Planning, Systems Requirements, HIPAA Requirements, Medical Systems, Navy Medical, Operational Requirements, Enterprise Strategic Planning, Test & Evaluation, and Training
- 4+ years of experience demonstrating the ability to plan and lead a technical/engineering team in multiple, diverse engineering disciplines
- Demonstrated experience in at least two of the following areas
4. Senior Incident Response Analyst Resume Examples & Samples
- Investigate potential security incidents escalated from security events
- Handle security incidents ensuring containment, eradication, and recovery with proper evidence collection and documentation through to closure
- Lead incidents, coordinating and directing multiple subject matter experts internal and external to the organization
- Manage multiple concurrent incidents through different stages and statuses
- Escalate threats and incidents to management as defined through documented processes
- Lead and control meetings with executive level participants
- Develop and present recommendations formulated from incident findings
- Proactively search for threats and suspicious behaviour within the enterprise
- Mentor personnel to improve efficiency and effectiveness
- Develop and maintain process and procedure documentation
- Assist in the maintenance of a shared incident reporting mailbox
- Stay current with the threat landscape
- Professional with 3 years’ experience in information security and other general IT functions
- Bachelor’s degree in computer and/or IT related disciplines
- Experience in a Security Operations Center environment preferred
- Experience with written communications and documentation preferred
- Certifications in information security preferred (e.g. CISSP, GCIA, GCIH, GREM, CEH)
- Incident Handling and forensics
- Ability to research and analyze security threats
- Microsoft Windows and Unix Operating Systems basics
- Networking knowledge with TCP/IP packet level knowledge
- Network traffic analysis
- Knowledge in Security devices and Malware detection technologies
- Common exploitation techniques
- Automated security monitoring systems and log correlation including log collection and SIEM components
5. Incident Response Analyst Intern Resume Examples & Samples
- Threat-Centric Security
- Knowledge of NSM methods and technologies including:
  - Syslog
  - IDS, HIDS
  - Log collection, analysis, and review
  - Full packet capture
  - TCP/IP protocols
  - Common application layer protocols
  - Packet analysis
- Linux architecture and operating systems
- Basic data parsing (Bash, grep, sed, awk, etc.)
- IDS types, similarities, and uses (signature-based, anomaly based)
- Understanding of IOC types
- Basic analytic diagnostic methods
- Basic malware analysis
6. Senior Incident Response Analyst Resume Examples & Samples
- Responsible for supporting Security Operations during normal business hours and in an on-call rotation outside normal business hours
- Review and analysis of intrusion detection systems, security incident event management systems, network traffic and data from solutions such as anti-malware, advanced endpoint detection/prevention, firewalls, internet/email gateways and VPNs
- Perform packet analysis to identify anomalies in protocols and payloads
- Maintains and enhances documentation and standards for discoveries and reporting of malicious tactics, techniques, and procedures
- Stay current with the latest malware, attack vectors and security trends
- Participate in incident handling, discovery, triage, containment, recovery, and remediation plan coordination
- Provides guidance to first responders for handling information security incidents
- Coordinates efforts among multiple business units during response efforts
- Provides timely and relevant updates to appropriate stakeholders and decision makers
- Assist with evaluation and integration of new products and technologies
- Provides project support related tasks to integrate security platforms as well as ongoing tuning support for existing technology
- Bachelor's degree in Computer Science, Information Security or related field
- 2-6+ years of experience in computer forensics or vulnerability analysis
- 3-6+ years of experience in information security, especially in an incident response role
- Understanding of network security devices, protocols, routing, and services
- Experience with analysis of server, network, web and mail security events
- Experience using SIEM technologies
- Familiarity with Information Security Risk Management practices
- Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
- Excellent investigative skills, insatiable curiosity, and an innate drive to win
- Security certifications such as CISSP, GCIH or GPEN are a plus
- Scripting experience, preferably with Python and/or PowerShell
7. Senior Infosec Incident Response Analyst Resume Examples & Samples
- Maintaining information security metrics
- Support the design and deployment of a comprehensive SIEM architecture to support real-time security monitoring operations
- Monitor security events globally
- Communicate with all levels of IT Staff, follow methodologies, and create/present clear, concise deliverables
- Expertise with tools and processes used in security incident detection and handling
- Security event analysis and intrusion detection (IDS/IPS Incident response - triage, incident analysis, remediation)
- Demonstrate technical expertise with infrastructure architecture design/implementation and management
- Troubleshoot and configure networking devices, various platforms, and databases (Oracle); Windows and/or UNIX system administration
- Work with global network engineers to implement security products
- Remain current on regulatory requirements affecting information security and digital investigations
- Take leadership role in developing new service offerings to meet market demands
- Must be willing to work in New York, NY or Englewood Cliffs, NJ
- Requires Bachelor's degree (in field mathematics, telecommunications, electrical engineering, computer engineering, computer science) or equivalent
- Five to seven years’ experience with information security
- Advanced studies in Information Security a plus
- Demonstrated skills in digital investigations including: computer forensics, network forensics, mobile forensics, eDiscovery, malware analysis, memory analysis, and a strong understanding of information security principles
- Experience working with recognized IT Security-related standards and technologies
- Experience in large global environments spanning multiple time-zones
- Requires deep knowledge of virtualization, Microsoft Windows systems, networking devices, and security incident audit management and reporting systems
8. Incident Response Analyst Resume Examples & Samples
- Validate, categorize and investigate escalated cyber security events from Level-1 Analysts
- Collect, assess, and catalogue threat indicators
- Perform basic malware analysis
- Assist in the enhancement of existing incident response methods, tools, and processes
- Perform further escalation to Level-3 Analyst as appropriate
- Participate in FTS and weekend on-call rotation
- Bachelor’s degree in computer science and engineering or related field
- 3+ years in incident analysis, security architecture, malware research, or similar experience is required
- Experience investigating common types of attacks
- Log analysis and experience reviewing Security Events
- Familiarity with malware analysis
- Familiarity with basic reverse engineering principles
- Intrusion analysis
- Security product assessments
- Host and Network Forensics
- Security tools development
- Relevant industry certification (e.g. GCIH, GCIA, etc.)
9. Senior Incident Response Analyst Resume Examples & Samples
- Responsible for providing Security Architecture services during normal business hours
- Actively seeks to identify potential security risks and opportunities to mitigate the risks with security controls
- Develop and improve documentation and standards for the Written Information Security Program
- Stay current with the latest security trends and update security controls as appropriate
- Provides guidance to project team members on how to reduce information security risks
- Leads and coordinates efforts among multiple teams including development and compliance areas to improve processes as needed to continually enhance the company’s security posture
- Assists with evaluation and integration of new products and technologies
- Perform project-related and third party risk assessments
- 6+ years of experience in risk assessment
- 6+ years of experience in information security
- Understanding of risk assessment frameworks
- Experience with the software development lifecycle
- Understanding of Information Security Risk Management practices
- Security certifications such as CISSP, CISA or TOGAF are a plus
10. Incident Response Analyst Resume Examples & Samples
- Undergraduate degree in a related field or equivalent work experience
- 1-2 years of experience in an incident response team (CIRT) or in a computer investigative role
- Demonstrated skills in malware analysis and log analysis
- Programming and scripting knowledge (Python, Perl, Bash, PowerShell, C++)
- Be a self-starter, work independently and adjust to changing priorities
11. Senior Incident Response Analyst Resume Examples & Samples
- Previous operational experience in a CSIRT, CIRT, SOC, or CERT
- Foundational understanding of tactics used by APT, cyber crime and other associated threat groups
- Expert understanding of network communications (TCP/IP fundamentals, HTTP basics)
- Expert understanding of multiple operating systems such as Linux, Solaris, BSD, or Windows
- Expert understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark)
- Practical experience with security incident response
- Security Incident Management – analysis, detection and handling of security events
- Comprehension of how attacks exploit operating systems and protocols
- Must understand how to analyze network traffic for suspicious and malicious activity
- Hands-on experience with other security technologies
- Next-Gen Intrusion Detection Systems – FireEye, Damballa, or Palo Alto WildFire
- Security Information & Event Management (SIEM) – ArcSight, Splunk, QRadar, etc
- Packet capture technologies – NetWitness, Solera, Moloch, or at a minimum, Wireshark or tcpdump
- Scripting experience with one or more of the following: Perl, Bash, PowerShell, Python
- Ability to write technical documentation and present technical briefings to varying audiences
- Ability to work with a globally distributed team and rely heavily on electronic communication
- Ability to travel as needed to support the corporate objectives
- Experience with the Network Security Monitoring methodologies
- Experience with Security Intelligence or Intelligence Analysis
- Experience in Ethical Hacking or Red Team
- Hands-on experience with forensics tools such as Mandiant Intelligent Response (MIR)
- Experience with vulnerability scanners such as: Qualys, nCircle, Nessus
- Experience with Data Loss Prevention tools such as: Vontu, McAfee DLP, OpenDLP
- Education and Experience
- 8+ years of information security experience is required; at least 7 years’ experience in security monitoring, digital forensic analysis, or incident response is preferred
- A Bachelor of Arts or Sciences degree is required, or equivalent experience. A graduate degree is preferred
- Demonstrated ability to have completed multiple, complex technical projects
- Certifications in CISSP, CCSP, CISA, GSEC, CCIE, CCNP, or others are preferred
12. Digital Forensics & Incident Response Analyst Resume Examples & Samples
- Lead, investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified
- Forensically analyze end user systems and servers found to have possible indicators of compromise
- Analysis of artifacts collected during a security incident/forensic analysis
- Identify security incidents through ‘Hunting’ operations within SIEM
- Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions
- Provide consultation and assessment on perceived security threats
- Maintain, manage, improve and update security incident process and protocol documentation
- Regularly provide reporting and metrics on case work
- 5+ years’ experience in one or more of the following
- Deep understanding of security threats, vulnerabilities, and incident response
- Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis
- Experience with SIEM technologies (e.g. Splunk)
- Deep understanding of both Windows and Unix/Linux based operating systems
- Knowledgeable in business industry standard security incident response process, procedures, and life-cycle
- Good social, communication and writing skills
13. Senior Incident Response Analyst Resume Examples & Samples
- Respond to cyber incidents caused by external threats to our customers that may involve nontraditional working hours
- Specialize in host centric analysis utilizing a variety of tools and techniques such as Live Response, EnCase/FTK, and Reverse Engineering (static and dynamic analysis)
- Specialize in network centric analysis utilizing a variety of tools and techniques such as Network Security Monitoring, log analysis, and more
- Understanding of different attacks and how best to design custom containment and remediation plans for customers
- Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams. As needed, manage relationships with business partners, management, vendors, and external parties
- Lead projects as directed by leadership
- Be a champion for process. Develop and document processes to ensure consistent and scalable response operations
- Draft communications, assessments, and reports that may be both internal and customer facing, to include leadership and executive management
- Demonstrate industry thought leadership through blog posts and public speaking at conferences and events
- 4 year degree in Computer Science or a related technical degree, or minimum 6 years of IT experience
- Minimum 5 years of experience in information security
- Minimum 4 years of experience handling incidents
- Application security & secure SDLC
- Information Risk Management
- IT and security governance
- Incident response planning
- Security operations
- Security program development
- Compliance management
- Excellent English, second European language is a must
- Must be willing to be on-call and work off-shift hours
- Detailed understanding of Advanced Persistent Threat (APT), Cyber Crime, Hacktivism and associated tactics
- Strong track record of understanding and interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities
- IT security certifications
- Industry certifications such as the CISSP, GCIH, CFCE, EnCE, GCFA, and/or GCFE
14. Incident Response Analyst, Mid Resume Examples & Samples
- Experience with performing audit log aggregation analysis
- Experience with performing Netflows and traffic monitoring
- Experience with internal and external threat reporting and suspicious email analysis
- Experience with incident handling processes and procedures
- Experience with ArcSight SIEM, Splunk, RSA Netwitness, FireEye, Sourcefire Snort, Bro IDS, Fidelis XPS, and HB Gary Active Defense technologies
15. Incident Response Analyst, Senior Resume Examples & Samples
- 5+ years of experience with system administration, network engineering, or security engineering
- Ability to lead and serve a team to complete the mission, as needed, and work well under pressure to rapidly scope and investigate incidents
- Possession of excellent critical thinking and analytical skills to communicate effectively under normal and stressful situations
- CISSP, Security+, or SANS Certification
16. Incident Response Analyst Resume Examples & Samples
- Bachelor’s Degree and a minimum of 5 years’ applicable experience required
- Knowledge and understanding of customer service techniques and a willingness to learn new tools and technologies and take on new responsibilities, as assigned
- Must be customer and detail oriented and possess good decision-making ability
- Candidates with these desired skills will be given preferential consideration
- Experience in using the Remedy ticketing suite
- HDI Customer Service Representative, Support Center Team Lead, or Support Center Analyst
- Proactive service desk performance management experience
- ITIL v3 Foundations
17. Senior Incident Response Analyst Resume Examples & Samples
- Maintain the security services and technologies involving the SIEM configuration & planning, and incident response
- Develop and apply the structure & methodology needed to ensure that incident response is accomplished in a consistent, thorough and measurable manner
- Familiar with risks associated with information security technologies, networks, operating systems and web applications
- Customer facing experience with strong verbal and written communication skills
- Serve as the lead cyber security technical liaison between customer staffs and other supporting entities
- Project and security service improvement
- Day to day operational response
- Forensics image acquisition
- Conduct detailed investigations on events of interest and perform system, network, and malware analysis
- Produce comprehensive documentation on findings and actions taken in formal and informal incident reports with distribution to proper channels and LE/CI
- Engage in functional integration discussion/coordination between technical and non-technical groups that may have involvement in Incident Response activities (e.g. Law Enforcement, Legal, IT, Intel, etc)
- Provide quality assurance and control over security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, Security Information and Event Management (SIEM), Antivirus, Network
- Assist with technical requirement for special projects as required
- MBA or Technical Graduate Degree
- Information Security and Government Compliance with concentration in NIST and Critical Security Controls experience
- IT Audit and Compliance Certifications such as CISSP, CISA, and CISM
- Active DoD Clearance
18. Incident Response Analyst, Expert Resume Examples & Samples
- EnCE or ACE or CCE or related Degree
- 8 years of Information Technology experience, with at least 6 years of experience in information security working within incident response/forensics or equivalent functions
- Previous experience with Guidance EnCase or other digital investigations tools
- Strong technical skills including malware reverse engineering, memory forensics, live response techniques, registry analysis, scripting, and other relevant technical security skills
- Strong case management and forensic procedural skills
- Deep knowledge of IT core infrastructure and cyber security components/devices
- Deep knowledge of TCP/IP Networking and knowledge of the OSI model
- Strong customer service skills and decision-making skills
- Significant experience with packet analysis (Wireshark) and malware analysis preferred
- Working knowledge of PG&E infrastructure preferred
- IBM QRadar and Dell Secure Works experience preferred
- Experience with both desktop-based and server-based forensics
- Utilizes digital forensic tools including Guidance EnCase to execute digital investigations and perform incident response activities
- Conduct investigations of computer based events and other security issues
- Establishes links between suspects and other violators by piecing together evidence uncovered from a variety of sources
- Coordinates with IT to leverage skills and resources in support of investigations
- Advances the practice and science of information security investigation
- Perform hunting for malicious activity across the network and digital assets
- Provide accurate and priority driven analysis on cyber activity/threats
- Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
- Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
- Mentor junior staff in cybersecurity techniques and processes
- Resolve or coordinate the resolution of cyber security events
- Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders
19. Incident Response Analyst, Junior Resume Examples & Samples
- Experience with system administration, network engineering, or security engineering in a work or academic setting
- Knowledge of the concepts of host or network incident response, malware analysis, or forensics
- Ability to pay strict attention to detail and show a solution orientation to learn and adapt quickly
- Ability to work as part of a team to complete the mission, as needed, and work well under pressure to rapidly scope and investigate incidents
- Knowledge of network forensics and intrusion analysis to perform independent research and report on findings
- Knowledge of networking concepts and analysis tools and operating systems, software, and security controls
- Ability to be detail-oriented and a self-starter and quick learner
- Possession of excellent critical thinking and analytical skills, including communicating effectively under both normal and stressful situations
20. Privacy Incident Response Analyst Resume Examples & Samples
- 1+ years of experience with policy incident response
- Experience with incident response policies, standards, and best practices, including conveying information to technical and non-technical audiences orally and in writing
- CIPP Certification, including CIPP/US, CIPP/G, CIPP/IT, or CIPP/E or CIPP/C or CIPM Certification
21. Digital Forensics & Incident Response Analyst Resume Examples & Samples
- Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools
- Provide consultation and assessment on perceived security threats
- Resolution of security incidents by identifying root cause and solutions
- Analyze findings in investigative matters, and develop fact based reports
- Ability to appropriately balance work/personal priorities
- Good social, communication, and writing skills
- 3+ years' experience in one or more of the following roles
22
Senior Incident Response Analyst Resume Examples & Samples
- Knowledge of industry accepted standards and best practices related to incident response operations
- Demonstrated excellence in analytical and problem solving skills related to network, system, forensic and malware analysis
- Experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network Packet Analyzers, Security Systems Manager, malware analysis and forensics tools
- In-depth understanding of TCP/IP concepts and packet capture review using tools such as Wireshark to investigate suspicious events and anomalies
- Demonstrates knowledge in information technologies to include computer hardware and software, operating systems, and networking protocols
- Top Secret clearance based on an SSBI and able to meet the requirements of DCID 6/4; must also have an active TS/SCI clearance
- Familiarity and understanding of CJCSM 6510.01A and DoD incident response processes
- Demonstrate a strong knowledge of the Windows operating system, knowledge in various Linux distributions and the Unix framework
- Demonstrates knowledge of the following security related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise level appliances
- Demonstrate a deep understanding of various open source and commercial analysis tools used for incident analysis, both network and host based
- Understanding of DoD accreditation policies, processes, and practices
- Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition; laboratory management and operations
- Must have a CEH certification
- 8570 Compliant for IAT III or ability to become compliant within six months (CISA, CISSP (or associate), CASP CE, GCIH, or GCED)
23
Incident Response Analyst Resume Examples & Samples
- Conduct real-time analysis of ongoing IA / CND events on enterprise network
- Identifying incidents and make recommendations to protect the network
- Conduct initial, formal incident reporting (outlined in CJCSM 6510.01B, “Cyber Incident Handling Program,” dated 10 Jul 2012 or later)
- Support the transition of network defense configurations as informed by resolved incidents in order to prevent future occurrences
- Four years of experience in lieu of a degree
- Demonstrated experience in supporting CND and/or network systems and technology
- Vulnerability scanning experience using Retina and/or Nessus
- Experience with TCP/IP network protocols
- DoD 8570 compliant by obtaining/maintaining required IAT Level II certifications such as GSEC, Security+ CE, SSCP, or CCNA Security
- DoD 8570 compliant by obtaining/maintaining required CND-IR certifications such as CEH, GCIH, CSIH, GCFA, or SCYBER
- Knowledge of Federal computer security policies
24
Senior Incident Response Analyst Resume Examples & Samples
- Manages and executes multi-level responses and addresses reported or detected incidents
- Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers
- Develops focused reporting and briefings for advanced cyber threats and activity
- Provides correlation and trending of Program’s cyber incident activity
- Create TTPs and AARs, and perform deep-dive investigations of complex incidents
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents
- Act as a SME and trainer to Tier 2 and Tier 1 personnel as needed
25
Incident Response Analyst Resume Examples & Samples
- Respond to an ever-changing environment, grow technically, quickly and effectively learn new systems
- Initiate and execute problem solving in systems, procedures, reports or analysis, where the environment or scope is sometimes ambiguous
- Achieve outcomes in an environment where there is little instruction on day to day work
- Think critically and contribute to challenging assignments in a business-critical environment
- Flex working hours to cover all times for support if needed in a 24x7 environment
- Inspire confidence from users and colleagues with excellent verbal and written communication, comprehension, facilitation and troubleshooting skills
- Interact with and influence employees from a variety of diverse backgrounds at all levels of the organization without direct authority
- Accept ownership of problems / issues and see them through to resolution with sharp customer focus
- Utilize strong interpersonal skills to establish partnerships with partner, delivery and operations teams
- Understand and utilize ITIL / ITSM best practices to drive improvements with internal and external teams
- Leverage a Bachelor’s degree or equivalent demonstrated work experience to contribute to continuous improvement
26
Cybersecurity Incident Response Analyst Resume Examples & Samples
- Analyze potential new security threats utilizing data from managed service providers, various security tools and devices and other sources
- Work with the IR lead to develop protocols for newly discovered threats so managed service teams can investigate and remediate future attacks
- Conduct forensic investigations on potentially infected devices to determine the extent of the potential infection and what actions were triggered
- Work with various IT and business operations teams to ensure threats are remediated and neutralized on end points
- Stay abreast of current business and industry trends in information security and attacks
- Bachelor's or Master's degree
- 4-5 years relevant experience
- Experience working in global teams
- Broad knowledge of information security concepts and methods
- Microsoft Windows expertise
- Unix/Linux expertise a plus
27
Senior Incident Response Analyst Resume Examples & Samples
- Responsible for the technical execution of incident handling functions as well as directly responding to severe network incidents
- Employs various techniques to discover and resolve evidence of malicious activity and open vulnerabilities on the enterprise network
- Active DoD Secret, (TS preferred) Security Clearance
- A Master’s degree in computer science or related discipline plus 2 years of demonstrated operational experience; or
- A PhD in computer science or related discipline plus 3 years of demonstrated operational experience; or
- Eight years of experience in lieu of degree
- Well versed with CJCSM 6510 policy and procedures
- Ability to directly manage severe network incidents
- Conduct event trend analysis
- 8570 IAT Level III (CISA, GCIH, CISSP, or CASP CE)
- 8570 CND Auditor (CISA, GSNA, or CEH)
28
Incident Response Analyst Resume Examples & Samples
- Analyze and investigate events using an enterprise security information and event management (SIEM) platform and logs from firewalls, IDS/IPS, proxies, servers, endpoints, and other network devices to determine risk
- Assist in the administration and integration of security tools to include new data/log sources, expanding network visibility and automation
- Research the latest vulnerabilities, exploits and other relevant threat information and trends
- Collaborate and interact with peers and stakeholders across the Corporate and Business Unit information technology organizations
- Rotational, after-hours operational support (on-call)
- Minimum 3 years working in IT Infrastructure, Networking or Security Incident Response required
- Capability to think and operate independently and in a team environment with minimal supervision
- Proactive and results driven mindset
- Strong process orientation and ability to develop and follow standard work; attention to detail
- Proven ability to troubleshoot and solve technical issues
- Network analysis using Tcpdump, Wireshark or other packet capture tools
- Searching, interpreting, and working with data from enterprise logging systems, including syslog, NetFlow, and SIEM platforms
- Scripting languages such as Perl, Python and PowerShell
- Windows and Linux operating systems
29
Incident Response Analyst Resume Examples & Samples
- Identify cybersecurity threats and perform analysis of reported anomalies on Visa networks and systems
- Mitigate and contain identified threats using approved methodologies when detected. Initiate escalation procedures and incident response processes as defined in operational plans
- Monitor information security alerts through the use of a Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts
- Utilize sensor data and correlated logs containing IDS/IPS, AV, Windows events, web proxy, and similar data to establish context and to rule-out false positives
- Operationalize actionable intelligence reports from the Threat Intelligence team and external sources
- Coordinate the initial workflow and response for varying case types with internal and external teams
- Collaborate with operational support staff to ensure they are actively engaged in potential security threats and concerns
- This position is staffed in shifts supporting a 24x7x365 global security operations center. Analysts work a series of 12-hour shifts (followed by days off) in the daytime and operations are transitioned to another operational site at night. Staff assigned to the operations center are considered critical and may need to cover holidays and weekends, if scheduled. There are opportunities for overtime while working extra shifts to ensure operational coverage when needed
- Provide feedback to peer teams to enhance the sensor set and improve signature fidelity
- Contribute to projects that enhance the security posture of the enterprise. Opportunities may include big data analytics, automated malware analysis tools, whitelisting/blacklisting, NAC, deep packet inspection, live forensics, and others
- Identify trends, potential new technologies, and emerging threats which may impact the business
- Provide technical advice and input for the support of integrated security systems and solutions
- Previous security operations center experience is desired
- Strong analytical skills and an ability to quickly learn and adapt to new technologies
- Experience operating and administrating Security Information and Event Management (SIEM) platforms
- Possess functional knowledge and experience administering Windows and Unix/Linux platforms
- A solid foundational understanding of TCP/IP and networks to include firewalls, routers, and ACLs
- Strong working knowledge of malware in its varying forms, common delivery mechanisms, and common mitigation steps
- Ability to convey security concepts related to cybersecurity events to both technical and non-technical audiences
- Experience with IDS/IPS, Splunk, FireEye, and similar technologies is desired
- A bachelor's degree in a technical discipline
- Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
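The triage duty described in this sample (using correlated IDS, AV, Windows event, and web-proxy data to establish context and rule out false positives) is easier to see in code. The block below is an added example, not code from the original page or from any employer named on it: it correlates constructed sample records for several hosts inside a five-minute window and assigns each IDS alert a verdict. The log record layout, the field names, the signature names, and the verdict rules are all assumptions made for the illustration, not any vendor's format or any organization's playbook.

```python
"""Correlate IDS alerts with AV, Windows event and web-proxy records from the
same host to establish context and rule out false positives.

Added example (not from the page). Record layout and rules are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (source, ISO timestamp, host, fields).
# IP addresses are from documentation ranges; nothing here is real telemetry.
SAMPLE_EVENTS = [
    # ws-101: IDS beacon alert, Office spawning PowerShell, proxy let the C2 call out.
    ("winevent", "2024-05-01T09:00:01", "ws-101", {"event_id": 4688, "process": "powershell.exe", "parent": "winword.exe"}),
    ("ids",      "2024-05-01T09:00:05", "ws-101", {"sig": "MALWARE Beacon", "dst": "203.0.113.9"}),
    ("proxy",    "2024-05-01T09:00:07", "ws-101", {"dst": "203.0.113.9", "action": "ALLOWED"}),
    # ws-102: same IDS alert, but AV quarantined the file and the proxy blocked the egress.
    ("ids",      "2024-05-01T09:10:00", "ws-102", {"sig": "MALWARE Beacon", "dst": "203.0.113.9"}),
    ("av",       "2024-05-01T09:10:03", "ws-102", {"threat": "Trojan.Agent", "action": "QUARANTINED"}),
    ("proxy",    "2024-05-01T09:10:04", "ws-102", {"dst": "203.0.113.9", "action": "BLOCKED"}),
    # ws-103: policy alert with no corroborating activity toward the flagged destination.
    ("ids",      "2024-05-01T09:20:00", "ws-103", {"sig": "POLICY Suspicious UA", "dst": "198.51.100.4"}),
    ("proxy",    "2024-05-01T09:21:00", "ws-103", {"dst": "198.51.100.77", "action": "ALLOWED"}),
]

# Parent processes that should rarely spawn a shell (assumed list for the example).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def index_by_host(events):
    """Group records by host with parsed timestamps so lookups stay per-asset."""
    by_host = defaultdict(list)
    for source, ts, host, fields in events:
        by_host[host].append((source, datetime.fromisoformat(ts), fields))
    return by_host


def triage_alert(alert, host_events, window=timedelta(minutes=5)):
    """Decide what an IDS alert means given other records from the same host."""
    _, t0, fields = alert
    dst = fields["dst"]
    nearby = [e for e in host_events if e is not alert and abs(e[1] - t0) <= window]

    # Corroboration signals, each tied to the alert's own destination where relevant.
    outbound = any(s == "proxy" and f.get("dst") == dst and f.get("action") == "ALLOWED" for s, _, f in nearby)
    blocked = any(s == "proxy" and f.get("dst") == dst and f.get("action") == "BLOCKED" for s, _, f in nearby)
    quarantined = any(s == "av" and f.get("action") == "QUARANTINED" for s, _, f in nearby)
    office_spawn = any(
        s == "winevent" and f.get("event_id") == 4688 and f.get("parent", "").lower() in SUSPICIOUS_PARENTS
        for s, _, f in nearby
    )

    # Verdict ordering: confirmed egress plus host evidence beats a control that fired.
    if outbound and office_spawn:
        verdict, severity = "escalate", "high"
    elif outbound:
        verdict, severity = "investigate", "medium"
    elif quarantined or blocked:
        verdict, severity = "contained", "low"
    else:
        verdict, severity = "likely_false_positive", "info"

    return {
        "signature": fields["sig"],
        "dst": dst,
        "verdict": verdict,
        "severity": severity,
        "evidence": sorted({s for s, _, _ in nearby}),
    }


def triage(events):
    """Return a triage result for every IDS alert, keyed by host."""
    by_host = index_by_host(events)
    results = {}
    for host, host_events in by_host.items():
        for e in host_events:
            if e[0] == "ids":
                results[host] = triage_alert(e, host_events)
    return results


if __name__ == "__main__":
    for host, r in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, r["verdict"], r["severity"], r["evidence"])
```

The point of tying each signal to the alert's own destination (ws-103's proxy record goes to a different address and therefore does not count) is that a host being generally active is not corroboration; only activity consistent with the alert is. Per-host indexing also keeps the analyst from being misled by a simultaneous, unrelated alert on another asset.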
30
Digital Forensics Incident Response Analyst Resume Examples & Samples
- 1+ years of experience with forensic examinations of digital media, including desktop, laptop, mobile, and peripherals
- Experience with Cyber and digital forensic tools
- Experience with e-discovery and forensic imaging tools and techniques
- Experience with Windows, Mac, and Linux operating systems file system forensics
- Ability to provide technical support for partners and clients and provide expert witness testimony in legal depositions or court proceedings
- Ability to travel up to 75–80% of the time
- Experience with tools, including FTK, EnCase, and Cellebrite
- Experience with scripting languages
- Knowledge of common network and host security technologies
- Professional certification in digital forensics, including GCFA, CDFI, or EnCase EnCE, preferred
31
Incident Response Analyst Resume Examples & Samples
- 6+ years of general work experience
- 3+ years of relevant experience in functional responsibility
- CEH, eCPPT, OSCP, GCFW, GCIH, other relevant IT security certifications
- Splunk Certified Architect or SourceFire Certified Administrator
- Security+, Network+, GSEC
- Tenable Certified Nessus Auditor, ArcSight Certified Systems Analyst, or SnortCP; CISSP or CISM
32
Incident Response Analyst Resume Examples & Samples
- Ideally, experience in a similar role within a global environment
- Understanding of security protocols and related technologies such as HTTPS, TLS/SSL, SSH, PKI, IPsec, and VPN
- Ability to run and configure security testing tools and analyse the results
- Experience of security monitoring and Security Operation Centre (SOC) tools would also be quite useful
33
Incident Response Analyst Resume Examples & Samples
- Coordinate with customers to identify, analyze, and mitigate security incidents
- Conduct incident detection, containment, eradication, and recovery procedures
- Manage security incidents to ensure mitigation and remediation efforts are completed
- Monitor and assess threat intelligence feeds for actionable indicators or potential risks
- Responsible for creating and evaluating workflow processes, procedures, and checklists
- Familiar with enterprise level Anti-Malware, NAC, and vulnerability management solutions
- Familiar with security hardware and software i.e. firewalls, IPS/IDS, VPN, Proxy, and DLP
- Experience responding to attack vectors: malware, data exfiltration, DDoS, and phishing
- Excellent oral and written communication skills and ability to present to small groups
- Support investigations through data analysis and information gathering; collection and protection of evidence, and documentation of lessons learned
- Technical knowledge of TCP/IP, packet flows, and higher level protocols
- Minimum 6 years of IT system, network, and/or application administration experience
- At least 2 documented years of experience with security monitoring, forensics, or IR
- License/Certificate
34
Digital Forensics & Incident Response Analyst Resume Examples & Samples
- 7+ years' experience in at least two of the following roles
- SOC Analyst
- Security Incident Response Analyst or supporting function (3 years minimum)
- eDiscovery or related role performing forensic functions
35
Incident Response Analyst Resume Examples & Samples
- High School diploma or equivalent experience required
- Bachelor's degree in relevant field preferred
- At least one year on-air experience required; Basic editing skills; knowledge of AP style
- Journalism background/experience required
- Professional contributor with ability to work with a team
- May be responsible for entire projects or functions where general guidance and training of less experienced professional and/or support personnel are needed
- Independently performs assignments with instruction limited to results expected
- Mastery of the theories and applications of professional journalism
- Exceptional command of the English language
- Ability to perform multiple tasks in a fast paced environment
- Exceptional organization
36
Senior Digital Forensics & Incident Response Analyst Resume Examples & Samples
- Monitor, triage, and prioritize events, alerts and tips for further investigation
- Investigate events, alerts and tips to determine if an incident has occurred
- Investigate network traffic for potential security incidents using
- Sensor data
- Packet captures (occasional)
- Coordinate the response for confirmed security incidents, to include efforts to contain, remediate, recover, and prevent
- Escalate to Enterprise Network Defense Analysts for more complex, deep, or lengthy investigations
- Maintain situational awareness and keep current with cyber security news and threat actor Tactics, Techniques, and Procedures (TTPs)
- Document investigations using tickets, incident reports, etc
- Support the production of effective situational awareness products with relevant metrics and visualizations for key constituents and leadership
- 5+ years of hands-on incident response or security related experience
- Understand sound investigative techniques for suspected and confirmed incidents
- Able to gather all relevant incident information (e.g., affected systems, asset information, vulnerability information, system configurations, logs, console reviews, memory dumps, forensic analysis, etc.) in accordance with incident management and response processes
- Able to analyze incident information to understand the scope of the incident
- Has responded to current security incident types, such as DDoS attacks, anomalous activity, malware infections, APT activity, unauthorized access, data exfiltration, etc
- Has assisted with task automation and process improvements
- Must have displayed leadership and team-centric skills and have strong solution orientation
- Strong Documentation Skills
- Has experience leading and facilitating meetings (in-person or virtual)
- Ability to analyze forensic and log data to identify root cause and or indicators of compromise
- Solid knowledge of Network Protocols, Packet Captures, Security Controls, Scripting, SIEM, standard ticketing systems, Open Source Tools, Web Application Firewalls, PKI, vulnerability scanning
37
Incident Response Analyst Resume Examples & Samples
- Collect and analyze event information and perform threat or target analysis duties. Interprets, analyzes, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding, and reporting discovered events
- Report to, and coordinates with external organizations and authorities
- Author Standard Operating Procedures (SOPs) and training documentation
- Act as a SME and trainer to Tier 1 personnel as needed
38
Incident Response Analyst Resume Examples & Samples
- Identify, define, and nominate collection requirements in furtherance of requirements defined by management and operational teams
- Support internal investigations and identify security gaps and strategies
- Perform initial forensic physical and/or logical analysis as directed
- Leverages ability to identify new attack TTPs and recommend mitigation techniques
- Will use disparate data sources and evidence to detect and decipher abnormalities in various log formats, with a primary focus on the internal threat landscape
- Provides security/forensic leadership in the direction of role/team specific activities in support of day to day operations
- Ability to follow established processes and to improve as needed
- First point of contact for all security related incidents
- Primary internal subject matter expert and escalation point for incident response, network and security tool monitoring
- Responsible for applying knowledge of common attack vectors, methods and mitigation techniques against existing EFX data stores and controls
- Primary expertise in the analysis (static and dynamic) of malicious code in support of day to day operations and incident response
- Responsible to conduct cyber investigations while maintaining integrity of evidence
- Develops metrics and reports in support of CTC leadership and daily operations
- Experience using disparate data source and evidence to detect and decipher patterns, up to and including actor attribution, in support of day to day operations
- Demonstrates expertise in data mining & visualization tool development
- Experience applying social theory models to cyber/digital evidence to discern/score possible outcomes / motivations
- Working with internal and external subject matter experts (info sharing/ investigations) to aide in collective knowledge and understanding a problem-set or actor group
- Will competently describe, develop and refine use-case scenarios for new and existing analytical tools as part of daily operational duties
- Enriches team value by sharing knowledge
- (Minimum 7 required)
- Strong knowledge of tools used for network security (DLP, NIPS, HIPS, AV, Firewalls, etc)
- Thorough understanding of network protocols
- Mastery of *nix and Windows operating system functionality
- Superb analytical, documentation, and communication skills are a must
- Experience developing intelligence reports
- Experience in in-depth evaluation of disparate data sources (trends and reporting)
- Demonstrated experience in malware analysis or exploit development
- Hands on experience reversing malware
- Experience using IDA Pro, OllyDbg, WinDbg, or other applicable tools for reversing compiled code
- Experience creating Indicators of Compromise (IOCs) from malware analysis for integration into operations
- Experience in conducting investigations in support of criminal or civil litigation
- Experience in system testing and use case development in support of highly technical customized applications
- Experience in connecting disparate data elements in order to identify patterns of behavior in support of Intelligence reporting
39
Incident Response Analyst Resume Examples & Samples
- 1-3 years of hands-on experience in the field of intrusion monitoring, incident response and mitigation, web application security, threat research, or intelligence analysis
- Demonstrable experience with information-sharing platforms, such as membership in trust groups for intelligence sharing (e.g., FS-ISAC)
- Candidates must be willing to work in an on-call situation
40
Lead Incident Response Analyst Resume Examples & Samples
- Lead the Incident Response team and manage incidents through to resolution in partnership with departments across the organization
- Oversee forensic investigation capabilities ranging from system to network activity and all artifacts which tell a story of what could have happened
- Translate technical details pertaining to incident response into consumable elements for non-technical groups
- Partner with and maintain relationships with external resources that could be associated with incident response
- Maintain and perform upkeep on the policies, protocols and runbooks associated with the IR team; communicate and train non-security departments involved through documentation and recurring tabletop exercises and simulations
- Lead post incident after action reviews to determine what went well, what needs improvement and track remediation elements with applicable groups
- Supply enhancements to detection and prevention systems managed by the Blue Team as necessary and collaborate with the Red Team on campaigns they execute
41
Senior Incident Response Analyst Resume Examples & Samples
- Acts as Incident Commander for high impact cyber breaches and advanced attack methods through using the Cyber Kill Chain methodology as well as the TMC playbook based on NIST methods and procedures
- Conducts malware analysis and identification of Indicators of Compromise (IOCs) to evaluate incident scope and associated impact
- Apply analytic experience to address cyber-attacks, mitigate indicators, and correlate activity to identify attribution and potential threat and impact to Verizon resources, following the cybersecurity method of preparation for malicious actions, identification of malicious actions, containment of the security incident, eradication of the malicious software, and system recovery
- Enhance workflow and processes driving incident response and mitigation efforts
- Executes the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses
- Expert leverage of Forensics techniques, tools, and capabilities to support Cyber Incident Response activities
- Leverage of Enterprise Anti-Virus, IDS, Full Packet Capture and Host/Network Forensics Tools for Incident Response analysis
- Provide leadership and guidance to advance the defensive capabilities of the Threat Management Center (TMC) and its subsequent ability to defend the Verizon Enterprise
- Writes technical articles for knowledge sharing
- Provides Training and Mentoring of junior and mid-career team members
42
Incident Response Analyst Resume Examples & Samples
- Utilizes and adheres to defined workflow and processes driving the Incident Response and mitigation efforts
- Collects supporting information and/or relevant artifacts in support of Incident Response activities
- Escalates and hands off to team members and leadership based on defined threat and priority determination
- Conducts technical analysis against impacted systems to determine impact, scope, and recovery from active and potential cyber incidents
- Leverages basic Forensics tools, techniques, and capacities to support Cyber Incident Response activities
- Documents results of cyber threat analysis and subsequent remediation and recovery in an effective and consistent manner
43
Incident Response Analyst Resume Examples & Samples
- Identify, Define, and Nominate collection requirements in furtherance of requirements defined by management, and operational teams
- Bachelor’s Degree and 5+ years of experience in related field
- Strong knowledge of tools used for network security (DLP, NIPS, HIPS, AV, Firewalls, etc.)
- Proficient in the use of the varied and diverse log analysis and forensic tools
- Ability to work or be on-call during off hours
- Demonstrated flexibility, initiative, judgment and discretion
- Willingness to learn new tools and processes
44
Incident Response Analyst Resume Examples & Samples
- Escalates and hands off to team members and leadership based on defined threat and priority determination
- Conducts technical analysis on impacted systems to determine impact, scope, and recovery from active and potential cyber incidents
- Leverages Forensics tools, techniques, and capacities to support Cyber Incident Response activities
- Executes the Incident Response lifecycle and coordinates remediation activities throughout the Verizon organization and its lines of business as part of Cyber Incident Handling
- Applies thought leadership to enhance and advance the defensive capabilities of the Threat Management Center (TMC) and its subsequent ability to defend the Verizon Enterprise
- Recommends solutions to optimize both technical and process/procedure aspects of the end to end incident lifecycle
- Provides Training and Mentoring of Junior team members
45
Incident Response Analyst Resume Examples & Samples
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events and logs
- Prioritizing and differentiating between potential intrusion attempts and false alarms
- Creating and tracking security investigations to resolution
- Composing security alert notifications and other communications
- Advising incident responders in the steps to take to investigate and resolve computer security incidents
- Staying up to date with current vulnerabilities, attacks, and countermeasures
- This position requires the ability to work a shift schedule
- The ideal candidate should be able to multitask and give equal attention to a variety of functions while under pressure
- Level II CompTIA Cert or Higher
- Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
- Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Vulnerability Assessment tools, and other security tools found in large network environments, along with experience working with Security Information and Event Management (SIEM) solutions
- Digital Media Analysis (DMA) and prior computer forensics experience strongly desired, but not required
- Must possess excellent written communication skills and the proven ability to understand and present complex, technical information to both technical and non-technical audiences
46
Incident Response Analyst Resume Examples & Samples
- Responsible for executing the processes in every phase of the security incident response lifecycle: detection, triage, analysis, containment, recovery, and reporting
- Coordinates response, triage and recovery activities for security events affecting the company’s information assets
- Leads efforts in the improvement and development of process/procedure manuals and documentation for incident response, threat intelligence, advanced persistent threat detection and vulnerability analysis
- Develop communication channels with technology owners and the business to evangelize the evolving threat landscape
- Must be able to present to different audiences and adjust accordingly (business, technical and management) either structured presentations or ad-hoc. Must be able to establish and maintain business relationships with individual contributors as well as management
- 5+ years of Information Security or related technology experience
- At least 1 year of Information Security Incident Response experience
- Relevant security knowledge and experience in two or more of the following areas: incident response, malware analysis, threat analysis, network/host intrusion detection, security operations
- Demonstrated experience with using and/or implementing SIEM technology (Splunk, Arcsight, QRadar, etc) and use cases
- Demonstrated experience in handling cyber incidents and response in similar critical environments (Malware Analysis, Email Threat Analysis, Web Threat Analysis, etc)
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
- Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
- Experience in the following: Unix Scripting, Programming, SQL, WAF, Reverse Engineering Malware, Vulnerability Analysis/Assessment
- Experience working in a Security Operations Center (SOC) environment
- Bachelor’s degree in Computer Science, Information Technology or Business Management
- Proven ability to lead and influence across and up during business impacting events
- Ability to influence and guide decision making in crisis moments
- CISSP or another security-related certification is preferred; other relevant security certifications such as CEH, GCIH, and other GIAC certifications will be considered
47
Incident Response Analyst Resume Examples & Samples
- Experience with system administration, network engineering, and security engineering
- Experience with performing host or network incident response, malware analysis, or forensics
- Knowledge of host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs)
- Ability to pay close attention to detail, exhibit critical thinking or logic, and solution orientation
- Ability to obtain a security clearance
- Knowledge of networking concepts, analysis tools, and operating systems, software, and security controls
- Ability to be a self-starter, quick learner, and detail oriented
- Ability to exhibit originality and creativity in problem solving
- Active Secret clearance or higher
- BA or BS degree in Engineering, CS, Information Security, or Information Systems
- Industry-recognized Information Security Certifications, including CISSP, Security+, or SANS
48
Incident Response Analyst, Mid Resume Examples & Samples
- 3+ years of experience in Cybersecurity
- Experience with system administration, network engineering, or security engineering
- Ability to lead and serve a team, as needed to complete the mission, and work well under pressure to rapidly scope and investigate incidents
- Knowledge of networking concepts and analysis tools
- Knowledge of operating systems, software, and security controls
- Ability to be original and creative in problem solving
- Ability to be a self-starter, quick learner, and detail-oriented
- Possession of excellent analytical skills with close attention to detail, critical thinking and logic, and solution orientation with
- Active Secret clearance preferred
- BA or BS degree preferred; MA or MS degree in Engineering, CS, Information Security, or Information Systems a plus
- Industry-recognized Information Security Certifications, including CISSP, Security+, or SANS
49
Senior Incident Response Analyst Resume Examples & Samples
- Technical leadership guiding the development and evolution of our security monitoring platform as well as detection and response procedures
- Investigate potential threats, notable events, and suspicious activity, then lead our technical response
- Monitor and analyze security events and identify trends, attacks, and potential threats
- Ensure that all incidents are recorded and tracked to meet audit and legal requirements where necessary
- Provide continuous metrics and performance indicators to the leadership team highlighting the effectiveness of the detection and mitigation capability
- Maintain knowledge of threat landscape by monitoring OSINT and related sources
- Serve as a senior mentor to CSIRT staff
- Experience using and extending Splunk is a plus
- Incident Response experience in a MacOS environment is a plus
- CISSP, GIAC, GCIH, or other security related certification
- Threat hunting experience
- Hands-on experience with security technologies
50
Incident Response Analyst Resume Examples & Samples
- First point of contact for security related incidents
- Provide training and mentoring of team members
- Work on escalated incidents that are sent from Security Operations Center (SOC)
51
Senior Incident Response Analyst Resume Examples & Samples
- Lead efforts in intrusion detection, malware analysis, and APT analysis
- Design and execute remediation efforts within the "Response" phase of the cyber incident lifecycle across functions, business units and regions
- Continuously engage the intelligence team in a two-way conversation: develop, refine, and maintain intelligence requirements to focus intelligence in support of detection operations, and provide feedback on detection indicators and intruder tactics, techniques, and procedures
- Mentor and provide direction to junior analysts, conduct additional triage on escalations from those analysts
- Conduct forensic investigations of internal or external threats based on a working knowledge of IT environments including Microsoft Windows, Apple Mac, Linux, mobile devices and infrastructure components such as firewall technology, Active Directory, and operational log and event console activity
- Champion use of processes, standards, governance, and disciplined execution
- Evaluate and use advanced IR products and services to improve efficiency and effectiveness of incident response
- Lead projects to enhance CSIRT capabilities up to region or sector level
- Collaborate with business, peers, and vendors to drive robust prevention, detection, and remediation methodologies
- 5 years of experience in cyber security incident response or security operations, or a graduate of Eaton's Leadership Development Program
- Deep understanding of multiple Information Security disciplines with relevant work experience and/or relevant certifications (e.g. GCIH, CSIH, GREM, etc.)
- Deep understanding of common threats, penetration/intrusion techniques and attack vectors
- 3 years of experience with security technologies (e.g. IPS, IDS, SIEM, DNS, proxies) and detection techniques (e.g. forensics, malware analysis, packet analysis)
- 3 years of experience in correlating events from multiple sources to detect suspicious and/or malicious activity
- 3 years of experience in application development and secure programming techniques
- 3 years of experience in solution design and architecture
- 3 years of experience in internet technology and remote access control systems
- Excellent proficiency with the English language (written and verbal). Additional language capabilities are a plus
- Bachelor’s or Master’s degree in a technical discipline such as: B.E / BTech / MCA / Equivalent (EITC) or B.S. Comp Science / Mathematics / Engineering / Equivalent
- 10 years of experience in information technology
52
Manager, Incident Response Analyst Resume Examples & Samples
- Proactively seek, monitor for and respond to security incidents, as well as perform personnel investigations
- Exercise all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery
- Monitor for external threats, assessing risk to the KPMG environment and driving risk mitigation and response activities
- Evaluate external threat intelligence sources related to zero day attacks, exploit kits and malware to determine organizational risk and improve threat detection
- Conduct host-based forensics and analysis to determine root cause and impact; define, document, test and manage incident response processes; mature and integrate processes and technologies, with the objective of the continued development of a “single pane of glass” for monitoring and a comprehensive incident response process
- Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace; lead internal skills development activities for information security personnel on the topic of security monitoring and incident response, by providing mentoring and by conducting knowledge sharing sessions
- Minimum five years of progressive security monitoring experience, security operations, and incident response activities; preferably within a professional services firm or similar environment
- Strong written and verbal communication skills; ability to understand complex problems and present them simply in a formal setting; ability to lead meetings, divide responsibilities, and influence people to take action to assist in the resolution of security incidents
- Understanding of network and system intrusion and detection methods; examples of related technologies include Splunk, Next Generation Endpoint Protection Platforms (EPP), Security information and event management (SIEM)
- Experience with malware analysis, endpoint lateral movement detection methodologies and host forensic tools
53
Cybersecurity Incident Response Analyst Resume Examples & Samples
- Document incident investigations, including root cause analysis, incident summaries, and management presentations
- A deep understanding and experience in Digital Forensics and Incident Response
- Expert-level proficiency with major DFIR tools and techniques, including disk, memory, network forensics, and malware reverse engineering
54
Incident Response Analyst Resume Examples & Samples
- Bring operational support to a team that handles high priority requests related to user safety
- Available to work a regular schedule of either Tuesday-Saturday, or Sunday-Thursday. Also will consider standard working hours
- Coordinate with internal partners and external law enforcement agencies to provide assistance to people in crisis
- Respond to process and policy questions from law enforcement, government agencies and internal parties, both in writing and over the phone
- Work with a cross-functional team, drive improvements to policies and processes within the law enforcement response team
- Willing and able to work with sensitive issues that include child exploitation, graphic violence, and sensitive content which may be considered offensive
- BA/BS degree and 6+ months experience in incident response teams
- Organized with the ability to prioritize multiple functions and tasks while managing work time without compromising quality
- Able to work independently with judgment
- Able to communicate with both cross-functional teams and law enforcement agencies
- Experience in various computer systems, internet technology and software (PC, Mac, MS Office, online research, etc.)
55
Senior Cybersecurity Incident Response Analyst Resume Examples & Samples
- Use security monitoring technologies to analyze security events
- Provide mitigation services for identified threats and incidents
- Utilize digital forensic incident response methodologies to investigate and analyze incidents in a forensically sound manner
- Identify innovative opportunities for digital forensic, incident response tools and processes which enable rapid analysis and response to security incidents at enterprise scale
- Maintain and develop documentation including procedures, reports, and metrics
- Mentor or provide training to other Internal Security teams
- Strong multi-disciplinary background in information technologies such as: enterprise web applications, programming, networking, and system administration
56
Incident Response Analyst Resume Examples & Samples
- Manage security tools, provide system administrative support and maintain and upgrade tool sets
- Provide level 1 and 2 support for cyber security service desk requests
- Monitor Cyber Security defenses for anomalies and provide response capabilities to quarantine, identify false positives, remediate, and recover from security incidents
- Continuously monitor changes to computing infrastructure. Understand how changes impact cyber security and propose and implement the most effective security solutions. Perform risk assessments for technical changes within the environment
- Participate in and conduct cyber security investigations involving compromise of critical systems
- Act as a core technical member in a cyber security incident response team
- Analyze the security risks associated with changes in the agency’s computing infrastructure and then provide the design and implementation of safeguards to minimize the risks to an acceptable level
- Provide support for vulnerability assessments and remediation efforts
- BS in Engineering, Computer Science or related Science degree
- 2-3 years of experience managing security tools, including advanced malware protection clients or security vulnerability tools
- Experience working within a SOC
- Experience with activities related to Incident Response and Intrusion Detection