Security Analyst – Incident Response & Handling
The candidate selected for this position will have at least 10 years of experience working on active incidents either as an employee of or a consultant for a large company. The work will be performed on site at the customer location in Thousand Oaks California.
Essential Duties and Responsibilities
Manage and perform incident response activities including
- At least 10 years active experience as part of an incident response team working as an IR Handler (either in-house or as a consultant)
- Act as a Subject Matter Expert (SME) for incident response and forensics
Searching device and server logs.
Locating malware on a computer Identifying the attack vector Remediating infected computer(s) Building a timeline showing how the incident unfolded. File carving Briefing customer on extent of incident and response strategy
- Perform storage forensics (for example, hard drives, phones, USB storage)
- Utilize Company-owned forensic tools (Encase, FTK, Helix, Wireshark, etc.) in the course of investigations
- Utilize other Incident response tools such as Nmap, Wireshark and Snort,
- Perform network storage forensics (for example, capturing network traffic for analysis)
- Perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
- Establish timelines and patterns of activity of individuals and electronic devices and software
- Follow forensically sound practices, including preserving chain of custody
- Consult with Company legal team on privacy, policy and compliance concerns
- Develop companywide remediation plan of actions as a result of investigative discovery within
- Company business and IT infrastructure
- Adequately communicate with all key stakeholders to ensure both confidentiality of information and expedient evidence collection
Dell SecureWorks is a market leading provider of world-class information security services with over 2,800 clients worldwide spanning North America, Latin America, Europe, the Middle East and the Pacific Rim. Organizations of all sizes, including more than ten percent of the Fortune 500, rely on SecureWorks to protect their assets, improve compliance and reduce costs.
The combination of strong client service, award-winning security technology and experienced security professionals makes SecureWorks the premier provider of information security services for any organization. Positioned in the Leader’s Quadrant of Gartner’s Magic Quadrant for MSSPs, SecureWorks has also won SC Magazine's "Best Managed Security Service" award for 2006, 2007, 2008, 2009 and 2011.
Required Knowledge, Skills and Abilities
Preferred Knowledge and skills
- Experience managing large and small scale incidents
- Experience leading digital forensic investigations
- Working knowledge of forensic tools such as Encase, FTK, Helix, Knoppix, Slax, Sleuthkit, SIFT, BlackLight and/or MacForensicsLab
- Familiarity with the following technologies: Active Directory, Virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, Active Directory, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS
- Understanding of risk-based frameworks
- Understanding of one or more frameworks: PCI-DSS, Sarbanes Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST
- Broad information security knowledge and experience
- Very good understanding of MS Windows architecture and design
- Strong understanding of networking protocols such as RIP, EIGRP, OSPF, network tools such as Wireshark and Nmap and networking principles such as subnet masks, CIDR and spanning-tree protocol
- CISSP credential
Bachelor’s degree in Computer Science or related field GIAC Certified Incident Handler (GCIH) GIAC Certified Intrusion Analyst (GCIA) Microsoft MCSE certification.
Good interpersonal communication skills. Strong writing skills Some management experience as a team lead is helpful. Candidate may be required to oversee other security staff
Dell - 2 years ago