Senior Cyber Incident Response Engineer
Location: REMOTE
Duration: 6-Month Contract to Hire
Openings: 3
Interview Process: technical screen, then a CVS scenario-based assessment on EDR data; candidates who pass the assessment have a 30-minute interview with the hiring manager and two other CVS team members.
Position Overview
The Senior Cyber Incident Response Engineer will play a crucial role in our Security Operations Center, responsible for monitoring, analyzing, and responding to security incidents. This individual will leverage expertise in at least three of the following technologies: Splunk, CrowdStrike, Defender, Mimecast, and Anomali, to enhance our threat detection and response capabilities. The ideal candidate will have a strong background in cybersecurity, excellent analytical skills, and a proactive approach to identifying and mitigating security threats.
Key Responsibilities
Threat Detection and Analysis:
- Monitor security events and alerts from various sources, including SIEM systems, IDS/IPS, and endpoint protection platforms.
- Conduct in-depth analysis of security incidents to determine the root cause, impact, and appropriate remediation steps.
- Utilize expertise in Splunk, CrowdStrike, Defender, Mimecast, and/or Anomali to enhance threat detection and response processes.
Incident Response:
- Lead the investigation and resolution of complex security incidents, coordinating with other teams as necessary.
- Computer incident response leadership.
- Log analysis.
- Forensic image analysis.
- Timeline analysis.
- Kill Chain analysis.
- Threat modeling.
- Preparation of incident status and reports.
- Develop and implement incident response playbooks and procedures to ensure timely and effective incident handling.
- Perform post-incident analysis to identify improvements and prevent future occurrences.
Security Monitoring:
- Configure and fine-tune security monitoring tools and technologies to optimize detection capabilities.
Collaboration and Communication:
- Interface with various business units, IT leads, third parties supporting customers' IT operations, Security, Operations, and law enforcement.
- Communicate effectively with stakeholders, providing clear and concise reports on security incidents and SOC activities.
Required Qualifications/Skills:
- Minimum of 5 years of experience in information security roles, in a SOC environment, or in a similar cybersecurity role, with experience in the health services or financial industries.
- 2+ years of CIRT incident response experience is REQUIRED.
- Proficiency in at least three of the following technologies: Splunk, CrowdStrike, Defender, Mimecast, and Anomali.
- Experience with the following information security technologies and principles:
- Firewalls.
- Proxy.
- Malware sandboxing and reverse engineering.
- EDR.
- AV.
- DLP.
- UEBA (user and entity behavior analytics).
- Kill Chain analysis.
karthik@itminds.net