Security Analyst – Incident Response & Handling
The candidate selected for this position will have at least 10 years of experience working on active incidents either as an employee of or a consultant for a large company. The work will be performed on site at the customer location in Thousand Oaks California.
Essential Duties and Responsibilities:
At least 10 years active experience as part of an incident response team working as an IR Handler (either in-house or as a consultant)
Act as a Subject Matter Expert (SME) for incident response and forensics
Manage and perform incident response activities including:
Searching device and server logs.
Locating malware on a computer
Identifying the attack vector
Remediating infected computer(s)
Building a timeline showing how the incident unfolded.
Briefing customer on extent of incident and response strategy
Perform storage forensics (for example, hard drives, phones, USB storage)
Utilize Company-owned forensic tools (Encase, FTK, Helix, Wireshark, etc.) in the course of investigations
Utilize other Incident response tools such as Nmap, Wireshark and Snort,
Perform network storage forensics (for example, capturing network traffic for analysis)
Perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
Establish timelines and patterns of activity of individuals and electronic devices and software
Follow forensically sound practices, including preserving chain of custody
Consult with Company legal team on privacy, policy and compliance concerns
Develop companywide remediation plan of actions as a result of investigative discovery within
Company business and IT infrastructure
Adequately communicate with all key stakeholders to ensure both confidentiality of information and expedient evidence collection
Required Knowledge, Skills and Abilities
Experience managing large and small scale incidents
Experience leading digital forensic investigations
Working knowledge of forensic tools such as Encase, FTK, Helix, Knoppix, Slax, Sleuthkit, SIFT, BlackLight and/or MacForensicsLab
Familiarity with the following technologies: Active Directory, Virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, Active Directory, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS
Understanding of risk-based frameworks
Understanding of one or more frameworks: PCI-DSS, Sarbanes Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST
Broad information security knowledge and experience
Very good understanding of MS Windows architecture and design
Strong understanding of networking protocols such as RIP, EIGRP, OSPF, network tools such as Wireshark and Nmap and networking principles such as subnet masks, CIDR and spanning-tree protocol
Preferred Knowledge and skills
Bachelor’s degree in Computer Science or related field
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
Microsoft MCSE certification.
Good interpersonal communication skills.
Strong writing skills
Some management experience as a team lead is helpful. Candidate may be required to oversee other security staff
Dell is an Equal Opportunity Employer.
To learn more about our commitment to Diversity & Inclusion, visit:
Equal Employment Opportunity Policy Statement
Life at Dell
Learn about Dell culture, the interviewing process and benefits offered in your location:
Life at Dell
Since 1985, Dell has played a critical role in enabling more affordable and accessible technology around the world. As an end-to-end...