Incident Response Analyst


Job Description

Job Summary
This position functions as a member of the corporate information security office (CISO) team and will be an integral participant in drafting and reviewing incident response process documentation. The position shall monitor threat information sources, participate in incident response and root cause analysis, and produce metrics relevant to historical events and/or incidents. The position works with local offices and their administrators to assist in accomplishing incident triage and forensic activities consistent with documented procedures for confirmed incidents. The position shall report to and work with the Information Security Manager. In addition, the position shall work with peer team members, the Director of Operations & Security, and the corporate legal team.
Job Requirements
  • Participate in drafting and reviewing incident response process documentation
  • Coordinate response, escalation, tracking and analysis of incidents at remote offices
  • Participate in the Information Security Incident Response process (Corporate and Seattle practice offices)
  • Development of Incident Response dashboard and metrics as directed by manager
  • Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, etc.
  • Participate in threat hunting activities to proactively search for threats in the enterprise environment
  • Management and monitoring of data loss prevention (DLP) initiatives
  • Keep up to date on latest information security threats and countermeasures
  • Recommend security enhancements and purchases consistent with information security strategy and evolving threats
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • Assist in identifying and remediating gaps as identified throughout the investigation
  • Review log-based data, both in raw form and utilizing SIEM or aggregation tools
  • Work with the Information Security Officer as integral member of incident response team
  • Maintain an up-to-date understanding of industry best practices
  • Willingness to travel occasionally

  • Minimum of three (3) or more years of combined IT and information security work experience with a broad range of exposure to systems analysis, application development, database design and administration required
  • In depth knowledge of Information Security incident handling and investigation procedures
  • Demonstrated skills in conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation and related incident investigations
  • Technical skills proficiency in the following areas: security information event management, network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection)
  • Excellent teamwork skills and the ability to successfully interface with other organizational groups
  • Candidate must be able to effectively communicate in English (written and presentation/verbal)
  • Ability to clearly and effectively communicate Information Security matters to executives, auditors and end users
  • Candidate should have a passion for research, and uncovering the unknown about cyber security threats and threat actors
  • Candidate should have excellent time management skills, including the ability to prepare, prioritize and complete work plans
  • Candidate should have excellent decision-making and problem-solving skills, including the ability to clearly define and resolve issues
  • Ability to work effectively and organize priorities independently

Education & Experience
  • Appropriate education such as a Bachelor's degree in Computer Science (or related engineering degree)
  • Minimum of 3-5 years of information systems security (or cyber security) experience
  • Working knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics
  • Preferred Certifications: CISSP, CEH, CCFP, SANS
  • Strong understanding of risk-based and one or more of the following frameworks: PCI-DSS, Sarbanes-Oxley, HIPAA, FISMA, ISO, COBIT, or NIST

About Milliman