Job Summary

In this role, you will be part of a team that is responsible for analysis of cyber threats that could impact company resources. 
The Sr. IR (Incident Response) Analyst will establish operating procedures to detect & respond to cyber incidents from external threats as an integral part of a Cyber Security Operations Center (CSOC). The Sr. IR Analyst will lead a team providing strategic and lifecycle direction. He/She will be the senior most escalation point for IR related events.  This person must be a self-starter with the ability to research and solve problems independently but must also able to collaborate in a dynamic team environment.  Leadership, Technical and Mentoring skills are crucial.

Responsibilities

•    Establish processes for analysts who conduct security monitoring, triage and analysis, handle incoming notifications from NetApp personnel, and conduct notifications.
•    Handle escalations related to advanced persistent threat or forensic events.
•    Interface with executive and corporate management.
•    Continually research the current threat landscape and tactics as they apply to team and adjust accordingly.
•    Advise management on the effectiveness execute modifications where appropriate.
 

Job Requirements

•    Advanced understanding of network communications (TCP/IP networks, Web Protocols, Identity & Cloud)
•    Advanced understanding of IT security principles
•    Ability to work with a globally distributed team
•    Strong oral and written communication skills
•    The ability to travel as needed to support the corporate objectives.
•    Ability to work some late hours or weekends as the role requires.
•    Previous operational experience in a CSIRT, CIRT, SOC, or CERT, Security Incident Management – analysis, detection and handling of security events.
•    Expert understanding of tactics used by APT, Cyber Crime and other associated threat group
•    Advanced understanding of multiple operating systems such as Linux, Solaris, BSD, or Windows
•    Advanced understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark)
•    Advanced comprehension of how attacks exploit operating systems and protocols
•    Must understand how to analyze network traffic for suspicious and malicious activity
 

Education

• Hands-on experience with other security technologies:
• Next-Gen Intrusion Detection Systems – FireEye, Damballa, or Palo Alto WildFire
• Security Information & Event Management (SIEM) – ArcSight, Splunk, QRadar, etc
• Packet capture technologies – NetWitness, Solera, Moloch, or at a minimum, WireShark or tcpdump
• Scripting experience with one or more of the following: PERL, Bash, PowerShell, Python
• Ability to write technical documentation and present technical briefings to varying audiences

 
Typically requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years experience; or equivalent experience.
•    5+ years of information security experience is required; At least 3 years of experience in security monitoring, digital forensic analysis, penetration testing, or incident response is preferred.
•    A Bachelor of Arts or Sciences Degree is required; or equivalent experience.
•    Leadership or Management experience