Tier 3 Incident Response Analyst

Tyto Athene is searching for a Tier 3 Incident Response Analyst that will collaborate with members of the SOC team to improve procedures for the SOC to enhance coordination and incident response operations. You must be willing to work in a 24x7x365 SOC environment demonstrate intuitive problem-solving skills and allow for flexible scheduling; monitor network traffic for security events and perform triage analysis to identify security incidents; respond to computer security incidents by collecting, analyzing, preserving digital evidence, and ensuring that incidents are recorded and tracked in accordance with SOC requirements; and work closely with the other teams to assess risk and provide recommendations for improving our security posture.

Responsibilities:

• Utilize monitoring and response technologies such as Endpoint Detection & Response/ Extended Detection & Response (EDR/XDR), log aggregation platforms (Splunk/Sumo Logic), Data Loss Prevention (DLP), and Microsoft and Linux security tools to perform security incident detection and analysis
• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response
• Recognize attacker and APT activity, tactics, and procedures such as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response
• Collaborate with team members and key stakeholders to implement remediation plans in response to incidents
• Effectively investigative and identify root cause findings, then communicate findings to stakeholders, including technical staff and leadership
• Author Standard Operating Procedures (SOPs) and training documentation when needed
• Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

Required:

• Bachelor’s degree or equivalent experience
• Minimum eight (8) years of experience, with at least six (6) years in an Incident Responder/Handler role (fewer years of experience may be considered in light of additional education, certifications, or other relevant factors)
• Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take lead on incident research when appropriate and be able to mentor junior analysts
• CISSP and CEH certification or equivalent
• Advanced knowledge of TCP/IP protocols
• Knowledge of Windows, Linux operating systems
• Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; eg: Splunk, Sumo, or Elastic
• Deep packet and log analysis

Desired:

• Knowledge and experience with scripting and programming (PowerShell, Python, PERL, etc.) are also highly preferred
• GCIH, GCIA, GCFE, GREM, GCFA, GSEC Security CE, CCNA (Security), or equivalent Certifications
• CySA

Clearance:

• Secret Clearance Required

Location:

• Remote. Applicants must be local to DC Metro Area

Shift:

• Monday through Friday, Core Business Hours

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave