Johnston, Rhode Island, USA
3 days ago
Principal Cyber Defense Ops Specialist

Description

The Principal Incident Response Analyst will be a resident technical expert within the Security Operations Center (SOC). This is a senior-level individual contributor role on the Cyber Defense – Computer Security Incident Response Team (CSIRT), working closely with the Threat Intelligence, Attack Surface Management, and Detection Engineering teams.

This role will have responsibility, either directly or indirectly, for one or more of the security systems aligned with its specific function. It will be a technical authority for critical operational decisions having significant impact on the organization, with authority extending beyond the team to include both technology and business line areas in security-related decisions.

This role will also help mature the existing CSIRT incident response, malware analysis, and advanced threat detection programs.

The individual would be responsible for (but not limited to):

- Conducting network forensics, log analysis, and malware triage in support of incident response investigations
- Utilizing current and future tools to perform hunting for complex insider and outsider threats
- Analyzing vulnerability assessment and penetration testing results to help identify stealthy threats and drive remedial action of critical threats
- Supporting proactive deep malware analysis, and recommending defensive actions to effectively defend against malware-related attacks
- Recommending how to optimize security monitoring tools based on threat hunting discoveries
- Facilitating the evaluation, selection and implementation of supporting SOC systems and tools
- Helping develop meaningful metrics to reflect the true posture of the environment, allowing the organization to make educated decisions based on risk
- Exercising analytical skills and knowledge of supervision regulations

Experience and Skills:

- 7 or more years of progressive security industry experience
- Demonstrated understanding of various operating systems (Windows, Unix, Linux, AIX, etc.) with an emphasis on Security Operations
- Hands-on experience with:
  - Security Information and Event Management Tools (QRadar, Arcsight, Splunk, etc.)
  - Intrusion Prevention Tools
  - Database Security Tools (Guardium)
  - Data Loss Prevention Tools (Symantec, Websense, etc.)
  - Firewalls (Cisco, Palo Alto, Check Point, etc.)
  - Application Security Tools
  - Vulnerability tools
  - Cyber Security Incident Response
  - Network Intrusion Detection Systems (SourceFire, McAfee, etc.)
  - Host Intrusion Detection Systems
  - Packet Capture tools
- Experience with threat taxonomies, models (e.g. MITRE ATT&CK), and Indicators of Compromise (IOCs)
- Experience with one or more scripting languages (Bash, Python, Perl, PowerShell, etc.)
- Experience with malware reverse engineering and tools such as IDA Pro, OllyDbg, PEID, etc.
- Knowledge of Advanced Persistent Threat (APT) actors and associated tools, techniques, and procedures (TTPs)
- Excellent oral and written communication skills
- Strong analytical and critical thinking skills
- Self-motivation with the ability to work under minimal supervision
- Experience with computer security incident handling, coordination and response
- Knowledge and experience required in the areas of security assessment and vulnerability scanning, risk-based threat analysis, and security mitigation techniques

Education, Certifications and/or Other Professional Credentials:

- Bachelor’s Degree (Security / IT Related) or equivalent combination of experience
- A combination of relevant industry certifications including, but not limited to, CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc.

Hours & Work Schedule

Hours per Week:  40

Work Schedule:  Monday through Friday 8:30AM - 5:00PM

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
