Incident Response Analyst Lead
Location: Marlborough, Massachusetts 01701
Employment Type: Contract
Contract Length: Contract to hire (6 months to perm)
The Cyber Defense Lead is a senior role within Security Operations responsible for the daily mission of defending against cyber threats by identifying and triaging security incidents. The ideal person in this role brings experience in investigating network and endpoint intrusions, as well as in-depth experience handling security incidents. They will also bring thought leadership and strategy to the cyber defense practice.
In addition to leading the team in prioritizing responses to structured alerts, the Cyber Defense Lead will triage event escalations and coordinate incident response procedures. This role must be able to solve moderately complex problems independently and know when to escalate issues to senior management. The individual will work with multiple technology platforms and interface with other groups within IT Security Operations, offshore partners, and other technology and business functions. Additional responsibilities include training the global team, developing Incident Response playbooks, and tracking KPIs.
What You'll be Doing
- Lead investigations and incident handling process while reporting to senior leadership with periodic updates
- Develop standard operating procedures and response plans
- Day-to-day oversight of security monitoring program
- Coordinate prioritization of level 1/2/3 security alert monitoring and triage for the MSSP and the 24x7 team
- Instill a proactive rather than reactive response mindset in the team: find the attacker before they find us
- Whether during daily operations or incident response, influence other organizations and work to improve cross-organization collaboration
- Stay up to date with current security vulnerabilities and attacks
- Interface with the user community and assist with IT security needs and projects
- Oversee root cause analysis of complex security issues and determine the best course of action to remedy the problem
- Recommend new policies and procedures to management, with wide latitude to devise the best course of action for new procedures, both proactively and as a result of root cause findings
- Recommend courses of action for the identification, triage, containment, and eradication of active threats
What You'll Bring
- Intermediate-level understanding of computer security concepts, including Identity & Access Management, Network Security, Application Security, and Incident Management
- 7+ years in an IT Security environment or equivalent
- 1-3+ years of SOC or Incident Response management experience
- A moderate understanding of networking concepts and protocols (such as DNS, SMTP, FTP, and SSL/TLS)
- Intermediate knowledge of the tools and products used in day-to-day performance of job responsibilities (e.g., IDS/IPS, EDR, SIEM)
- Familiarity with IT regulations, including PCI, Sarbanes-Oxley, and Massachusetts privacy laws
- Relevant industry certification preferred (GCIA, GCIH, GREM, GCFA, CEH)