Cyber Security Incident Response Analyst

Cyber Security Incident Response Analyst

Phenom People

Job Description

Job Requirements

We're looking for a full-time phenomenal Cyber Security Incident Response Analyst to apply their expert knowledge and passion for creating capabilities to investigate and respond to security events and incidents. The Cyber Security Incident Response Analyst will lead investigations into identified malicious activity and provide a proper response to resolve the incident. Additionally, the Cyber Security Incident Response Analyst will also help shape the future of our Phenom's Incident Response Program, building the framework to be able to detect, remediate and prevent compromises and develop and improve playbooks for triage and response.

Work Experience

What You'll Do
  • Monitor cybersecurity solutions and associated alerts to identify and respond to cyber security attacks, threats and incidents.
  • Effectively manage and remediate any cyber security incidents, as well as gathering data and artifacts relevant to the investigation.
  • Ensure incident records and details are well documented throughout all phases of incident management in support of inquiries from compliance, recovery, regulatory and legal requirements.
  • Conduct forensics analysis, and Develop Root Cause and Corrective Action Reports.
  • Use technical writing and effective communications to prepare and deliver incident response results reports to all levels of audiences (peers and or leadership).
  • Recommend, document, build and implement future use cases for detections, control tuning adjustments for higher-fidelity detection and deployment of specific countermeasures and mitigating controls.
  • Utilize cybersecurity solutions to conduct large-scale investigations to examine cloud environments, endpoint and network-based sources of evidence.
  • Understand and follow the Phenom's Incident Response framework and apply it to cybersecurity work.
  • Support and contribute to improve Phenom's business processes and incident response methodologies and assist in establishing policies and processes to have a 24/7 incident response capabilities.
  • Successfully complete the assigned Threat Hunts (proactively identify advanced attacker activity based on specific TTPs and adversary behaviors) based on curated Threat Intelligence to track and report on evolving threat landscape.
  • Establish and Develop collaborative working trust-based with peer groups, business units and other teams.
  • Conduct post-mortem reviews and provide a summary of lessons learned and reporting status on remediation and corrective actions for the improvement of prevention, detection and reaction process and solutions.
  • Support in the development and maintenance of Cyber Security Policies and Playbooks and other incident related instructions, forms, and templates to ensure a highly effective incident management process.
  • Liaise with other functional teams as required to support the CSIRT (i.e., CISO, Legal, Communications, HR)
  • Evaluating new technologies, languages, or vendor solutions to determine whether they fit Phenom's Incident Response needs.
  • Working with leads and managers across Phenom People to facilitate data sharing and automate data collection for incident response.
  • Perform research and analytics and stay apprised on new security vulnerability, threats, risks, attack tools and techniques to contribute and improve Phenom's Threat model and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design.
  • Provide analytic support to answer questions about incidents, and general threat intelligence trends

Must Have
  • Bachelor's degree or higher in related field
  • 5+ years experience in cybersecurity, compliance and risk management, including privacy, controls, etc.
  • 3+ years hands-on technical expertise in Cyber Security Incident Response.

Specialized Knowledge
  • Analytical and investigative abilities with hands-on experience on cyber security incident response and response automation strategies, and ability to work to tight guidelines and under high pressure in the context of cyber incidents
  • Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards), operational threat intelligence, and attack framework standards (e.g., MITRE ATT&CK) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation.
  • Good understanding and hands-on experience with common security systems, including WAF, IPS/IDS, EDR, DLP, authentication systems, content filtering, etc.
  • Experience developing detection logic for enterprise SIEM systems and with exploitation techniques and use case development.
  • Experience in the detection and response to malicious activity using log data and alerts from cybersecurity solutions, systems and network devices.
  • Experience extracting and analyzing forensic artifacts across Windows, Mac, and Linux operating systems.
  • Coding Experience in Scripting & programming languages (such as Java, Bash, Python, PowerShell etc.) to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts, as well as automate common analytical processes to reduce analyst time and avoid repetitive incident response tasks.
  • Experience supporting an Incident Response Program through the development of procedural documentation (playbooks and runbooks).
  • Understanding of Amazon Web Services cloud environments and its security controls and their corresponding challenges.
  • Understanding of microservices architectures & distributed Platforms especially in the SaaS businesses
  • Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/ 27018, GDPR, etc.
  • An Information Security qualification or evidence of starting to work toward SANS GCIH, GCIA, GREM, GCFA, OSCP or similar certification.
  • Thought leadership, critical thinking & problem solver, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask



Here's how an Opportunity with PHENOM is Beneficial:-
  • You will get to work with Best In Industry Class of Talent
  • You will get to experience working on scaling up things from the scratch
  • You will get to work on latest cutting edge technologies
  • You will experience working in a fast-paced & challenging environment
  • You work will always be recognized & rightly appreciated with growth in career & monetary aspects as per the industry standards.

Phenom delivers the Phenom Talent Experience Management (TXM) platform to transform the talent journey from interested candidates to thriving employees to enthusiastic brand advocates while helping HR break the stereotype of being a cost center instead of a revenue generator.

Similar Jobs

People Also Considered

Career Advice to Find Better