Incident Response Analyst
Job Description
The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by:
collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types of formats of data authorized to be collected by such member agencies.
The Incident Response Analyst is an on-call role providing day-to-day incident response across the OFRAE and JADE networks. This includes investigating alerts from the SOC, third party notifications, and other security tools; working with Enterprise System owners to remediate immediate threats and incidents; knowledge capture and investigation tracking documentation to maintain knowledge on the team; monitor and notify of security tool outages and issues; participate in process enhancements through after-action reports, tabletop exercises, and peer consulting as needed.
The role will advise and build automations and complex playbooks to further grow the response capability of the team. This is a highly technical role that requires a solid understanding of incident response and security practices. As part of a growing team this role will have the ability to leverage and work with new capabilities as they are deployed including deception infrastructure, continuous penetration testing, data loss prevention (DLP), and machine learning capabilities. The analyst should have experience in ticketing workflow, EDR and endpoint data investigations, network pcap and netflow investigation, and other security tool alerting workflow and pivoting. This role is expected to contribute to maturing the overall IR and security capability through experience and recommendations at every level of security.
A successful candidate should also have an area of expertise in at least one blue team capability be it CTI, forensics, malware, etc.
Key Tasks and Responsibilities
- Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident.
- Communicate and coordinate with internal and external teams during incidents and breaches.
- Design, implement, and document IR processes, procedures, playbooks, and guidelines.
- Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
- Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
- Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident.
- Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.
- EDR/IDS/IPS
- NDR/Network
- Identity Provider (IdP) authentication policies
- Email defense platforms
- Integration of threat intelligence feeds with security policy enforcement points
- SIEM and XDR detections
- Security orchestration, automation, and response (SOAR) playbook development
- Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threat.
- Document specifications, playbooks, and detections - not as an afterthought, but through the whole process.
- Work with developers to build security automation workflows, enrichments, and mitigations.
- Evaluate policies and procedures and recommend updates to management as appropriate.
Education & Experience
- Bachelor's degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
- Four or more years in an incident response role required.
- Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling preferred.
- Programming and scripting languages, preferably Python and PowerShell.
- Scripting and automation for use in SOAR is a plus.
- Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
- Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing.
- Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks.
- Continually updated understanding of and ability to identify, capture, contain, and report malware.
- Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards.
- Motivation to continually improve the incident response program and associated policies and procedures.
- Identification of opportunities to improve collaboration and communication with internal and external stakeholders to mitigate incidents and follow protocols.
- On-Call nights and weekends based on response SLA requirements.
- Curiosity and tenacity as related to forensic investigations and threat hunting.
- Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required.
- Willingness and experience in supporting people from a variety of backgrounds and areas across the organization.
- Common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.)
- Familiar with and have worked within security frameworks such as:
NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10 - SANS Security 500 Series or other industry standard equivalent recommended but not required.
Certifications
- Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent
Security Clearance
- Public Trust
- Must be a U.S. Citizen
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
- This is a remote/work from home role
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at or
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
