Sr Security Incident Response Analyst (Remote)
American Specialty Health Incorporated is seeking a Sr Security Incident Analyst to work with our Enterprise Security Programs department. This position will be responsible for providing cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives. This position will support the operational activities of junior-level cyber analysts while helping to develop the team’s investigative skillset, process, and playbooks. In this role you will champion incident response services enrollment requirements to ensure progressive operational effectiveness and alert fidelity. In addition, you will be responsible for continuously identifying gaps and manage the improvements in security response process, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams, you will ensure cyber-defense requirements are identified and communicated early in the project life cycle.
American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate’s qualifications, education, skill set, years of experience, and internal equity. $112,500 to $187,500 Full-Time Annual Salary
Remote Worker Considerations
Candidates who are selected for this position will be trained remotely and must be able to work from home in a designated work area with company-provided technology equipment.
- Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation
- Hunting to identify anomalous and malicious behavior, enhance SIEM rules to automate continuous identification
- Interact and assist other investigative teams within American Specialty Health on time sensitive, critical investigations
- Managed the third party SOC
- Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security investigations
- Train team members on hunting, investigative and forensic tools, and processes
- Help create, support, and participate in purple team exercises
- Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud and premise-based applications, services, and platforms
- Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations and provide support through to implementation
- Act as a liaison between security operations, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements
- Work with colleagues in other technology departments as well as the business and product offices to establish effective, productive business relationships
- Define baseline security monitoring requirements for all new projects, services and applications joining the American Specialty Health network
- Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting
- Review and analyze cyber threats and provide SME support and training to junior level security analysts
- Bachelor's degree in Computer Science, Information Security, Computer Engineering, or related area of study. If related experience, high school diploma required.
- 8 or more years of relevant experience using hunt/IR technologies and industry-standard tools.
- Experience authoring thorough investigative reports detailing incident findings.
- Proficiency with analysis and characterization of cyberattacks (Kill Chain, MITRE ATT&CK).
- Proficiency with common operating systems (Linux/Unix, Windows), with a demonstrated understanding of how they may be compromised.
- Proven subject matter expertise in relevant areas, such as incident response, intrusion analysis, incident handling, malware analysis or security engineering
- Demonstrated experience in an enterprise-level incident response team or security operations center. Direct experience handling advanced cyber security incidents and associated incident response toolsets
- Relevant security related certifications a plus: GCIA, GSEC, GCIH, GCED, GCFA, GREM, E|CIH, CSIH, CIHE
- Experience with systems and monitoring within Microsoft Azure preferred.
- Strong interpersonal and leadership skills to influence and build credibility as a peer.
- Skilled in identifying different classes of attacks and attack stages
- Strong knowledge of malware families and network attack vectors.
- Strong knowledge of Windows system internals.
- Strong knowledge of web applications and APIs.
- Strong scripting skills.
- Strong working knowledge of common security tools, such as a SIEM, AV, scanners, proxies, WAFs, NetFlow, IDS/IPS, Snort and forensics tools.
- Advanced technical knowledge associated with various operating systems, network services and applications. A keen understanding of logging components and capabilities.
- Possess a demonstrated sense of urgency with the ability to perform well under significant enterprise-wide pressure.
- Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied (including executive) audiences.
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.
Primarily sedentary, able to sit for long periods of time.
Ability to speak, see and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within the facility. Capable of using a telephone and computer keyboard. Ability to lift up to 10 lbs.
Work-from-home (WFH) environment.
American Specialty Health is an Equal Opportunity/Affirmative Action Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Please view Equal Employment Opportunity Posters provided by OFCCP here.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.
ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.