Job Description
The Incident Response Specialist is responsible for implementing, maintaining, monitoring, and managing security event and incident management capabilities. The Incident Response Specialist engages in all phases of the incident response process and communicates with key personnel across the organization. This role requires you to work independently and requires a solid understanding of security analysis, operating systems, AWS and Azure cloud technologies, and networking technologies, along with deep technical knowledge of cyber-attacks. The IR Specialist will work with internal and external resources to identify, investigate, and help remediate information security events. This may include assessing risks; developing, coordinating, and leading incident response; forensics, monitoring, and compliance; and preventing and detecting suspicious activity. The IR Specialist delivers these capabilities in accordance with the organization’s architectural designs, best practices, and regulatory or compliance requirements. As risks and threats change, the IR Specialist is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.
Essential Functions: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
- Develop, deploy, and support Security Information and Event Management (SIEM) software, tools, and technology capabilities for a hybrid-cloud environment (on-prem, AWS, O365, and Azure);
- Advanced event monitoring and analysis of network traffic, endpoint indicators, cloud hosted systems, and various log sources to identify the threat, assess the potential damage, and recommend countermeasures;
- Perform digital forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks, and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures);
- Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours;
- Automate information security activities related to incident response, data analytics, and reporting;
- Develop security functions and detection logic to address the risks posed by advanced threat actors using SIEM, EDR, ATP, DLP, and/or other security technologies;
- Perform e-discovery requests as needed;
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks;
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools;
- Lead the Computer Incident Response Team (CIRT) in responding to active and time-sensitive threats including communications and coordination across different teams;
- Work closely with other members of the Information Security team to lead changes in the company’s defense posture;
- Develop security test plans from architectural design. Identify deficiencies and make recommendations.
Supervisory Responsibilities: This position has no formal supervisory responsibilities.
Minimum Required Qualifications:
- Bachelor’s degree in management, science, engineering, computers, or a technical field AND
- Three (3) to five (5) years of experience in information security or email administration or a related field OR
- Equivalent education / service and experience.
Certificates and Licenses: None required. Preference for the following –
- Certified Ethical Hacker (CEH)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
OTHER REQUIRED QUALIFICATIONS:
- Experience with relevant SIEM supporting and integrating technologies, such as JSON and APIs, used in security incident detection and response
- Highly technical and analytical expertise, with a proven deep background in technology design, implementation, and delivery.
- Demonstrable and hands-on experience with AWS and Azure event logging technologies
- Skilled in meeting vulnerability and penetration testing requirements.
- Experience with Office 365 Advanced Threat Protection (ATP) and endpoint event detection technologies.
- Experience with TCP/IP, Unix and Windows operating systems, and Oracle and SQL databases.
- General frequent use and application of cyber technical standards, principles, theories, concepts, and techniques.
- Prior experience with ELK Stack and other Open-Source SIEM technologies preferred
- Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
- Ability to clear required background check.
DESIRED Qualifications:
- Prior work experience in regulated hybrid-cloud environments.
- Prior experience in education industry.
- Experience with TCP/IP, Unix, and Windows operating systems
- Experience with Office 365 Advanced Threat Protection
- Ability to establish good working relationships with team members, colleagues, and external organizations.
- Demonstrable ability to develop value-driven & budget conscious security capabilities
- Holds one or more certifications such as Microsoft Certified: Azure Security Engineer Associate, Security+, or CISSP. SIEM or Incident Response focused certifications preferred.
Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- This is a home-based position.
Compensation & Benefits: Stride, Inc. considers a person’s education, experience, and qualifications, as well as the position’s work location, expected quality and quantity of work, required travel (if any), external market and internal value when determining a new employee’s salary level. Salaries will differ based on these factors, the position’s level and expected contribution, and the employee’s benefits elections. Offers will typically be in the bottom half of the range.
- We anticipate the salary range to be $66,379.50- $170,037.60. The upper end of this range is not likely to be offered, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.
The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is “at-will” as governed by the law of the state where the employee works. It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.
Job Type
Regular
Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status, genetics, or any other characteristic protected by law.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)