Previous Job
Previous
Endpoint Detection Analyst
Ref No.: 21-00211

The primary responsibility for this role is to monitor, tune, and investigate alerts on multiple Endpoint Detection and Response (EDR) platforms. Investigations can include but are not limited to, Security Information and Event Monitor (SIEM), Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV). An additional responsibility is to triage alert tickets to ensure the proper severity has been assigned.

The role will, on an overflow basis, also be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported to the CSIRT team. This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required as well as identify potential threats. Reporting and collaborating with the different areas of Business will be required, as well as providing relevant lesson learned output that can be fed into the IBM threat landscape.

Essential Duties and Responsibilities:

  • Monitor, tune, and investigate alerts on multiple EDR platforms (CrowdStrike, Defender ATP, Carbon Black).
  • Review log-based data, both in raw form and utilizing SIEM (QRadar or Splunk) or aggregation tools.

  • Conduct examination of digital media (hard drives, network traffic, mobile phones, etc.).

  • Capture / analyze network traffic for indications of compromise.

  • Employ best practices and forensically sound principals such as evidence handling and chain of custody.

  • Establish timelines and patterns of activity based on multiple data sources.

  • Identify, document, and prepare reports on relevant findings.

  • Utilize varied forensic software such as FTK, Encase, IEF, etc.

  • Effectively communicate with clients to establish timelines, manage expectations, and report findings.

Required Knowledge, Skills, and Abilities:

  • Demonstrated EDR platform alert analysis experience.
  • Demonstrated computer forensic investigations experience.

  • Expert-level knowledge of common attack vectors and penetration techniques.

  • Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.

  • Demonstrated knowledge of forensic tools such as Encase, FTK, Axiom, Black Bag, SIFT.

  • Excellent technical writing and presentation skills.

  • Excellent general writing skills in presenting information in a non-technical manner; Business Case construction, Proposals, and Plans.

  • Ability to successfully lead and facilitate information gathering meetings with client senior-level employees.

  • Event analysis and correlation.

  • Experience managing large- and small-scale cybersecurity incidents.

  • Ability to coach and train junior-level analysts in industry best practices and methodologies.

  • An ability to understand and correlate strategic decisions/methodologies into their practical application at an operational level.

  • Demonstrated understanding of database structures and SQL

  • Experience with Linux, MAC OSX, and Windows operating systems


Any queries please reach me: 760 463 9309