Overview

Sr. Monitoring and Incident Response Analyst
Job #: 670268

SR. IT Monitoring & Incident Response

Member of the team responsible for providing 24x7x365 Security Event Monitoring, Computer Security Incident Response, and Forensic Investigation services. Main activities include monitoring, detection, and analysis of potential intrusions in real time and through historical trending of security-relevant data sources; responding to confirmed incidents, coordinating resources and directing the use of timely and appropriate countermeasures; and supporting investigations and coordinating forensic analysis. Responsible for researching, developing, and communicating processes and solutions to detect and react to security incidents in a timely manner. The analyst is responsible for defining, building, maintaining and measuring the effectiveness and efficiency of the core services delivered. The analyst must be self-motivated with a strong willingness to learn and mentor others in a fast-paced, hands-on working environment; possess a "can do" attitude; foster teamwork; and be able to communicate effectively both orally and in writing. The position reports to the Monitoring and Incident Response Manager in Information Security Operations.

Essential Job Functions:
(1) Monitors and corrects issues with the monitoring systems and forensic tools operating within the area of responsibility.
(2) Reviews security events for the monitoring service and the Security Information and Event Management (SIEM) system, and analyzes a variety of network- and host-based security logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
(3) In-depth analysis of incidents escalated by the Cyber Monitoring team. Triages security incidents to determine the need for invocation of the Incident Response Plan.
(4) Independently follows procedures to contain, analyze and eradicate malicious activity.
(5) Documents all activities during an incident and provides leadership with status updates during the life cycle of the incident.
(6) Maintains an internal tracking system to serve as a case management tool for security incident activity.
(7) Provides information regarding intrusion events, security incidents and other threat indications and warning information to management.
(8) Contributes to the development and maintenance of the incident response plans, processes and procedures to improve incident management, response times, analysis of incidents and overall SOC functions.
(9) Coordinates incident response exercises and training.
(10) Prepares investigative case reports for various entities, which may include state and federal law enforcement officials, regarding high-risk security events or other illegal activities against the Bank.
(11) Coordinates the performance of e-discovery and/or digital forensics requests.
(12) Gathers, stores, and maintains chain of custody of forensic artifacts related to incidents or investigations.
(13) Keeps accurate and concise records for all cases.
(14) Collection, consumption and analysis of cyber intelligence reports, cyber intrusion reports and news related to information security, covering new threats, vulnerabilities, products and research.
(15) Extracts data from cyber intel and synthesizes it into new signatures, IOCs and an understanding of the adversary.
(16) Provides liaison to other cyber threat analysis entities such as Global CERT and other Cyber Threat Working Groups.
(17) Mentors and develops junior and peer members of the monitoring team.

Required Qualifications (Skills):
- Bachelor's degree required in a related field, or 10 yrs. equivalent work experience.
- Minimum of five years background in Cyber Security, Cyber Threat Analysis, or Incident Response.
- Able to manage and resolve complex issues and high-profile security incidents.
- Strong organizational, research, analytical and problem-solving skills to evaluate situations, make recommendations and take effective action.
- Strong strategic, analytical and problem-solving skills are essential to manage complex projects in a multitask environment.
- Demonstrated experience in project planning and execution, change planning and management.
- Experience with the management and monitoring of enterprise security technologies, including SIEM, anti-virus, anti-malware, DLP, IDS/IPS, vulnerability scanners, configuration management, and encryption.
- Experience with the development, implementation, and management of incident response plans and response activities.
- Understanding of the security threat environment relative to computer network architectures, designs, applications, databases, email systems, remote access, and operating system platforms.
- Must possess excellent oral and written communication skills, including demonstrated ability to interface and communicate with all levels of company management, as well as external audit agencies.

Required Education and Training:
BS/BA in computer science, information systems, business, or equivalent.

Preferred Professional Training:
- Possess one or more of the following certifications: CISSP, GCIA, Security, CEH or equivalent experience.
- InfoSec
- Incident Response
- Security Operations Center
- TCP/IP Networking
- Knowledgeable of Windows, Linux, *nix and Cisco operating systems
- Familiarity with common IDS/IPS and SIEM platforms (Snort, Cisco, Sourcefire, QRADAR, Lancope)
- Experience with Malware Analysis and Reverse Engineering
- Prior SOC Experience
- Experience with packet analysis, packet capture tools, incident handling and response, and with web technologies and databases.

EEO Employer
Apex Systems LLC is an Equal Opportunity/Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other protected characteristics. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystemsinc.com or 866-612-2739.