Location: Chicago, IL
Minimum Experience Required:
- Bachelor’s degree or equivalent practical experience.
- 5+ years practical Incident Response experience.
- Demonstrated understanding of Windows internals.
- Demonstrated computer forensics experience including memory and filesystem analysis.
- Demonstrated IT experience in the areas of operating systems, networking, and web-based applications.
- Ability to work independently on initiatives with little oversight.
- Passionate about Information Security and technology.
- Strong analytical, problem solving, and conceptual thinking skills.
- Excellent verbal and written communication skills.
- Experience leading incident response activities.
- Ability to think and communicate clearly and effectively during a security event.
- Comfortable communicating security concepts and incident reports to senior leadership.
Preferred Field(s) of Study:
- System administration experience (esp. Unix/Linux).
- Demonstrated knowledge of static and dynamic malware analysis.
- Experience working with Splunk or other SIEM/threat detection platforms.
- Previous SOC or IR experience is a plus.
- Software development and/or scripting experience.
- Experience automating incident response activities via PowerShell, Python, Bash, etc.
- Knowledge of common attacks and defenses.
- Demonstrated knowledge of common vulnerabilities and countermeasures.
- Experience mentoring junior analysts.
- Monitor and respond to alerts generated by our enterprise security tools.
- Continually evaluate and enhance incident response processes used to triage security events and track effectiveness.
- Triage issues escalated to the Cyber Defense team, ensuring quick and appropriate follow-up actions are taken.
- Perform forensics activities following a security incident.
- Develop and continually improve our incident response playbooks to ensure we efficiently and effectively analyze and respond to security alerts.
- Mentor and train junior analysts.
- Act as an escalation point for more junior team members.
- Take ownership for the roadmap and maturity of the Incident Management System.
- Lead our threat hunting program.
- Improve our detection capabilities by building and enhancing alert rules and actively hunting for evidence of malicious activity.
- Participate in Incident Response on-call rotation.