Incident Response Analyst
Must be US Citizen
We are currently seeking a Level 3 (Consultant) Incident Response Analyst to join our Security & Resiliency team, based in Bedford, MA.
- This role is responsible for investigating and reporting on major security incidents, supporting all Dell business units and mergers & acquisitions.
- This role requires experience in all phases of Cybersecurity Incident Response including preparation, analysis, notification, response, recovery, and post-mortem.
- The CyberSecurity Intelligence & Response Team (CSIRT), under the Security & Resiliency team, is responsible for coordinating with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response.
- This role interacts with all levels of the organization, particularly within the Global IT organization and is viewed as a subject matter expert on Incident Response.
- The focus of the role is primarily responding to security incidents, managing and consistently maturing the security incident response process to meet the needs of Dell, and building the Global Incident Response Team's technical investigative capabilities (process & technology).
- 8+ years of hands-on experience with a focus in areas such as systems, network, or information security/cybersecurity
- 5+ years of cybersecurity Incident Response experience
- Should possess one or more of the following certifications – CISSP, SANS GCIH, GCIA, GNFA, GREM
- Exceptional ability to conduct cybersecurity investigations, analyze and distill relevant findings and determine the root cause
- Strong knowledge of security technologies such as SIEM, Full packet capture, Firewall/NGFW, IDS/IPS, EDR, DLP, UEBA
- Strong knowledge of web technologies, networking protocols, Microsoft Windows and Linux/Unix platforms and tools with related experience in corporate infrastructures
- Strong technical experience and familiarity with various types and techniques of cyber-attacks, and with the incident response and threat hunting lifecycles.
- Excellent analytical thinking, time management and coordination skills, and excellent command of English (both written and verbal)
- Ability to work in a dynamic and multicultural environment, with a positive and professional attitude
- Provides holistic security guidance to a wide variety of internal business partners across network, host, database, application, and people/process domains.
- At advanced levels, may provide program or portfolio-level guidance to business unit leaders and embedded security champions.
- Typically offers deeper specialization and expertise in one or more areas.
- Provides security expertise to small to midsize projects or programs; supports senior staff in larger projects and programs
- Understands and articulates cybersecurity strategy, policy, standards, and procedures
- Contributes as a cybersecurity subject matter expert
- Translates cybersecurity requirements into specific systems, applications and product designs for a specific client, program or project
- Collaborates with clients regarding secure product configuration, deployment, and how they align and adhere to applicable security policies and standards to minimize security vulnerabilities
- Guides clients in the development and implementation of security controls
- Serve as one of the four global escalation points for cybersecurity incidents not resolved at the L1/L2 levels
- Perform technical cybersecurity investigations and root cause analysis on security incidents; recommend mitigations and mitigate the effects caused by an incident
- Provide technical Incident Response guidance to the L1 and L2 Incident Response Analysts
- Mature the Security Incident Response process to ensure it meets the needs of the global business and is adhered to
- Assist with the creation and refinement of Incident Response run books
- Participate in shift handoff activities
- Interface with other CSIRT teams to continuously improve the Incident Response function