Cyber Threat Analyst - Remote

The Cyber Threat Analyst will support and participate in efforts to investigate cybersecurity events from end-to-end, engaging and coordinating peer teams, stakeholders, and other entities as necessary. This person will play a role of analyst in the areas of incident response, threat hunting, and email analysis. The Cyber Threat Analyst will help create and update existing incident response documentation and training materials.

• Escalate and engage in incident response activities to identify, assess, contain, mitigate, and resolve all observed threats 
• Document all investigational efforts and actions in the ticketing system
• Create and update incident response runbooks
• Document and track incident response investigations, including observed IOCs and TTPs, system(s) impacted, criticality and scope of any data exposure, lessons learned, follow-up items
• Act as incident investigator for all observed and escalated cyber security events
• Collect, organize, and analyze data using various cyber security tools and data sources a SIEM, endpoint detection and response, tools, firewall logs, and custom detections (to include threat intelligence sources)
• Identify, analyze, and interpret trends or patterns in complex data sets
• Work with the functional business areas as needed during incident response investigations
• Demonstrate subject matter proficiency with threat intelligence processes
• Perform other duties as assigned

• Bachelor’s degree or 3+ years of relevant work experience
• 3+ years of cybersecurity investigation experience
• 3+ years of intensive incident response experience
• A demonstrable understanding of operating systems, including Microsoft Windows, Mac OSX, Linux, Unix, and mobile devices

• Analytical skills applying logic and intel threat modeling to available data points.
• Well-versed in multiple cyber security domains and technologies such as firewalls, intrusion detection systems, and other network security platforms
• Deep understanding of how to leverage threat intelligence
• Advanced knowledge of cyber-attack techniques, and mitigation strategies
• Ability to effectively communicate complex topics to engineers and leadership
• Ability to properly handle confidential data and strictly follow business processes and procedures
• Security certifications such as Security+, CISSP, GSEC, GCFA, GCFE are a plus
• Ability to operate effectively in fast paced and high stress situations
• Ability to communicate findings and requirements effectively
• In- depth level knowledge in incident response, computer forensics, network traffic analysis, log file analysis, malware analysis
• Knowledge of the MITRE ATT&CK framework
• Experience using SIEM, SOAR, and/or EDR platforms to identify and mitigate cybersecurity incidents.
• Experience in securing and investigating incidents in modern cloud environments such as Microsoft Azure/Amazon Cloud/Google Cloud