As a member of the Cyber Security Incident Response Team (CSIRT), the Tier 2 Incident Analyst will coordinate the response activities for cyber security incidents across the Global company environment. The successful candidate will focus on reviewing, triaging, analyzing, and remediating cyber security incidents. The Tier 2 analyst is the escalation point for level one event analysts, and as such, will handle validated cyber security incidents, in accordance with the cyber security incident response process. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and will be responsible for rapid handling and mitigation of cyber security incidents.
The candidate will join a team of event analysts and incident res ponders and will have an opportunity to participate in a number of Global cyber security initiatives. Successful candidates should be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues.
**This position requires that the candidate be a US Citizen.**
1. MUST HAVE - 3-6 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments.
a. Preference is true Incident Response experience, where the candidate has worked investigations related to enterprise network compromise.
b. ***This is the most important experience IMO. True IR, not glorified SOC work, not someone fielding phone calls and having help desk show up. By changing a title to “Incident Response”, that is not going to cut it. The fact that the word IR/CSIRT/Incident Response exists in the resume does not equal a match in my mind
2. MUST HAVE – Hands on experience with security tools
a. Splunk – advanced Splunk query language, ability to create dashboards, does not need oversight in performing Splunk searches to support an investigation
b. EDR Experience (Crowdstrike or Carbon Black) including scripting, live host analysis, extracting artifacts
c. Ability to analyze PCAPs commonly pulled for Network Defense tools
d. ***This is hands on experience using these tools to accomplish above investigations. I think people drop tool names because they have used them. These people need to be fully comfortable as end users of these technologies.
3. MUST HAVE - Good written and verbal communications skills. Tier 2 analysts have to write investigation reports which are often shared with auditors, regulators, and executive management MUST HAVE – In depth knowledge of network protocols, enterprise architecture, and common network logging functions.
a. I am a grouchy old teacher. If there are grammatical errors or misspellings in the resume, I drop it immediately. If their verbal skills make me think of talking to teenager who is really into My Chemical Romance, then I’ll pass. These Tier 2’s are writing and speaking with SVps and higher on a regular basis. They need to be able to get to the point, not bumble with words, and not talk like they are still in middle school. I can’t say this any other way.
4. MUST HAVE – Experience with log analysis, malware analysis, forensic analysis.
a. This is subjective and hard to determine in a resume. I ask about this during the interview
5. MUST HAVE – Functional knowledge of the MITRE ATT&CK framework
a. To me this is a black and white issue…they are familiar with MITRE ATT&CK and reference it in their defense strategy or they don’t. I won’t accept “well I’ve read about it”
• NICE TO HAVE – Threat hunting experience using long tail analysis, least frequency of occurrence, anomalies using large sets of data
• NICE TO HAVE – Scripting experience (Perl, Python, Powershell, bash, etc)
• NICE TO HAVE – Attacker Methodology, Red Team, Pen Testing
• NICE TO HAVE - Bachelor’s degree in a technology field preferred.
• NICE TO HAVE – SIEM experience, specifically with Splunk ES and/or QRadar
• NICE TO HAVE – In depth malware analysis and working knowledge of Windows assembly code (artifact collection, disassembly, identifying execution, persistence, and network connections)
PDS Tech, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
Founded in 1977, PDS Tech, Inc. is one of the nation's premier specialty staffing firms with 31 offices nationwide. We offer a full range of benefits including:
- Health insurance
- Paid holidays
- Weekly payroll
- Immediate 401(k) eligibility
- Completion Bonuses
- Please note availability of benefits may vary by position
PDS specializes in Engineering and IT arenas including Aerospace, Defense, Electronics, Telecommunications, Automotive, and Energy just to name a few. Our reputation, track record, and years of continuous growth reflect the commitment to quality that our employees and clients experience first-hand. To find out more about PDS, please visit www.pdstech.com
$$$ PDS pays for referrals! $$$
We pay thousands each month in referral bonuses!
Contact a recruiter for details. To find one near you, take a look at where we are.
If you have questions, please click here to contact us.
PDS Tech, Inc. is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities.
If you need special assistance or an accommodation while seeking employment, please click here or call 1-800-270-4737 to contact us. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
The law requires PDS Tech, Inc. to post a notice describing the Federal laws prohibiting job discrimination. For information regarding your legal rights and protections, please click on the following links: EEO is the Law and EEO is the Law Supplement
PDS Tech, Inc. will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.
As a Federal Contractor, PDS Tech, Inc. is required to participate in the E-Verify Program to confirm eligibility to work in the United States.
For information please click on the following link: E-Verify