Working at NTT
What will make you a good fit for the role?
SIRT Cyber Security Incident Responder
Reports to : Manager of Security Incident Response Team
Department : Security
JOB SUMMARY :
Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Secure-24 and its customers.
The Cyber Security Analyst role is primarily focused on incident response, however prevention, hunting, digital forensics and consulting also play a role.
Leverage a next generation SIEM, SOAR, cyber case management and supplementary tools to investigate, contain, and remediate cyber security incidents.
The Cyber Security Analyst must have a drive to learn and grow as the industry changes and Secure-24 adapts rapidly.
Secure-24 understands that a candidate may not possess all of the skills required of a Security Analyst for the unique service provider space.
At Secure-24, the desire to learn and the ability to grow are requirements of the position. Expert skills in other disciplines are always welcome and show a candidate's ability to adapt.
Structured training as well as on-the-job experience is a required part of the job, bringing security professionals up to speed on the complex requirements and fast-paced environment of a service provider.
Security Analysts must have a drive to learn and grow as the industry changes and Secure-24 adapts.
ESSENTIAL FUNCTIONS :
Lead Incident Response investigations for Secure-24 and Secure-24 customers
Perform analysis of logs and alerts to differentiate security events from security incidents
Discover and correlate relationships between seemingly unrelated information
Obtain corroborating evidence through packet analysis of network traffic
Continuously improve incident response procedures
Handle security incident escalation via Cyber Case Management tools, SOAR, SIEM, ITSM, email, phone, or walk-up
Manage and coordinate security incidents to completion and work with internal teams for remediation or escalation assistance
Tune and troubleshoot SIEM, IDP and other relevant security systems
MINIMUM QUALIFICATIONS :
Experience reviewing and analyzing log data from various network and security devices
Experience with well-known information security related tools for packet capture, network / OS fingerprinting, and communication
Familiarity with Windows and Linux operating systems including command line operation
Possess a strong foundation in networking fundamentals with deeper knowledge of TCP/IP and other core protocols
Knowledge of common network-based services and common client/server applications
Excellent verbal/written communication, interpersonal and organizational skills
Communicate effectively with varied levels of staff to develop positive working relationships
Ability to continuously improve skillset to combat changing threat landscape
Excellent problem-solving skills to diagnose technical issues
Manage customer situations professionally to aid in positive customer satisfaction
Ability to learn new technology and concepts quickly
Ability to work on a shift or on-call rotation if needed
PREFERRED QUALIFICATIONS :
Experience working in a mission critical operations team
Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
Experience with enterprise SIEM products
Experience with ITSM, IT GRC, SOAR, and/or Cyber Case Management Tools
Scripting with Python, Perl, Bash and/or PowerShell
Database structures and queries, Regular Expressions
Experience acquiring and analyzing data from clients and servers related to security incident response
Digital Forensic or Threat Intelligence work
EDUCATION and TRAINING :
BS degree in a relevant field or 3 years of equivalent work experience
IT, ITIL and security-related certifications desired
Recent CFCE/CCE/EnCE, CSFA or relevant active GIAC SANS certifications are desired