Thrive
Job title:
Incident Response Analyst
Company
Thrive
Job description
About UsThrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!Position OverviewWith a growing client base, Thrive is continuing to build out its security team. We are looking to hire an Incident Response Analyst to take a role within our Security Operation Center. The analyst will assist with continuously monitoring and improving our customers’ security posture, while preventing, detecting, analyzing, and responding to cybersecurity incidents utilizing technology and well-defined processes and procedures. The ideal candidate will have a passion for information security and will value what a properly managed Security monitoring solution can bring to our client needs.Primary ResponsibilitiesProcess investigation requests from SOC Analysts who perform security event monitoring using Security Information and Event Management (SIEM) from multiple sources, including but not limited to, events from network and host-based intrusion detection/prevention systems, network infrastructure logs, systems logs, applications, and databasesInvestigate intrusion attempts, differentiate false positives from true intrusion attempts, and perform in-depth analysis of exploitsLead incident response and threat hunting efforts for confirmed High Priority security incidents and follow through until resolutionUtilize threat intelligence to identify and investigate potential security threatsDevelop playbooks for incident response and incident management processes, including threat triage, incident investigation, and incident resolutionConduct regular reviews of playbooks to ensure they are current and effectiveWork with cross-functional teams to ensure that playbooks are aligned with the overall security strategy and goalsParticipate in tabletop exercises and drills to test and validate playbooksMonitor and evaluate security incidents to identify opportunities for improving playbooksKeep up-to-date with current security threats and trends to ensure that playbooks are relevant and effectiveActively investigate the latest security vulnerabilities, advisories, incidents, and TTPs (tactics, techniques, and procedures) and work with the Security Engineering team to recommend use casesProactive monitoring, threat hunting, and response of known and/or emerging threatsCarry out Thrive’s information security strategy both internally and externally for 400+ clientsAnalyze data from our SOC, SIEM and EDR platforms and determine if further analysis is neededWork within Thrive’s security standards and best practices and recommend future enhancementsStay abreast of security events and techniques to keep our clients protectedQualificationsDemonstrates comprehension of best security practicesHas advanced knowledge of the following systems and technologies:SIEM (Security Information and Event Management)TCP/IP, computer networking, routing, and switchingIDS/IPS, penetration and vulnerability testingFirewall and intrusion detection/prevention protocolsWindows, UNIX, and Linux operating systemsNetwork protocols and packet analysis toolsEDR, Anti-virus, and anti-malwareContent filteringEmail and web gateway.Malware, Network, or System AnalysisProfessional experience in a system administration role supporting multiple platforms and applicationsAbility to collaborate and communicate security issues to clients, peers and management.Strong analytical and problem-solving skillsAdaptability and resilience in rapidly evolving situationsAbility to be a part of an on-call rotation, occasionally working nights and weekends to support High Priority Security IncidentsRequired SkillsTechnical proficiency in networking, operating systems, and security technologiesFamiliarity with security tools like SIEM, IDS/IPS, EDR, and forensic analysis toolsUnderstanding of incident response procedures and methodologiesUnderstanding of frameworks such as MITRE ATT&CK and the Cyber Kill chain,Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.)Experience in responding to and investigating cloud, system or network intrusionsExcellent Written and Verbal Communication SkillsExpertise in forensics, malware analysis, and network intrusion responsePreferred SkillsKnowledge of common Windows and Linux/Unix system calls and APIsKnowledge of programming languagesKnowledge of internal file structures for file formats commonly associated with malware (e.g. OLE, RTF, PDF, EXE, etc.)Knowledge or experience in Detection EngineeringPowered by JazzHR
Expected salary
Location
Nottingham
Job date
Wed, 04 Dec 2024 00:43:47 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (tendersglobal.net) you saw this job posting.