As an L2 Security Analyst / Incident Responder on our Managed Detection and Response (MDR) / Security Operations Center (SOC) team, you will play a critical role in managing and responding to security incidents, conducting forensic analysis, and leading incident response engagements. You will handle escalations from L1 analysts and work closely with clients to ensure the security and integrity of their systems.
Responsibilities:
Incident Handling and Response:
Lead incident response engagements, coordinating with clients to inform them of incident status, planned responses, and outcomes.
Perform detailed forensic analysis of artifacts collected from Windows devices, including MFT, registry, web history, Amache, and other system artifacts for root cause analysis.
Security Monitoring and Analysis:
Monitor security events and logs, identifying potential threats and vulnerabilities.
Use SIEM tools and other security solutions to analyze and respond to security incidents.
Advise on appropriate mitigation strategies to address identified threats.
Threat Intelligence and Advisory:
Provide clients with regular updates on new threats, industry trends, and proactive security recommendations.
Develop customized threat intelligence reports tailored to clients' specific industry and risk profiles.
Client Interaction and Support:
During Incidents, serve as the primary security contact for clients, providing prompt and effective support.
Communicate complex security issues to clients in clear, understandable terms.
Manage client expectations and work towards resolving their security concerns.
Assist clients in understanding and meeting various compliance and regulatory requirements.
Perform security reviews for clients, providing guidance on compliance improvements.
Training and Documentation:
Develop and deliver security training sessions for clients as part of educational initiatives or onboarding processes.
Create and review runbooks, detection rules and SOC procedures for current and future log sources.
Required Skills and Qualifications:
Education: Bachelor's degree in Computer Science, Information Security, or a related field; relevant certifications (e.g., CISSP, CEH, GCIH) preferred.
Experience: 3+ years in a SOC environment with client interaction and incident response responsibilities.
Technical Skills:Strong proficiency with SIEM tools and security monitoring.
In-depth knowledge of network protocols, cybersecurity threats, firewall management, and intrusion detection systems.
Expertise in forensic analysis of Windows artifacts, including MFT, registry, web history, amcache, and other system artifacts.
Soft Skills:Exceptional communication and customer service skills.
Strong analytical and problem-solving skills with a client-oriented approach.
Desired Skills:Prior experience in a MDR / SOC / Analyst / Incident Response / DFIR
Training and public speaking abilities for delivering security awareness sessions.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Computer and Network Security
Referrals increase your chances of interviewing at Xcitium by 2x