Sr. Incident Response Analyst
Bengaluru, India
Applications have closed
Job Description
At Levi Strauss & Co, we are revolutionizing the apparel business and redefining the way denim is made. We are taking one of the world's most iconic brands into the next century: from creating machine learning-powered denim finishes to using blockchain for our factory workers' wellbeing, to building algorithms to better meet the needs of our consumers and optimize our supply chain.
A strong moral compass, high integrity, and positive attitude are required to be a successful part of this team. Critical thinking is a major part of this role and you will be expected to articulate your thought process on a regular basis. Confidence in your ability to quickly learn from and adapt to unfamiliar scenarios will be paramount to our success. You will be part of several highly collaborative multi-national cross functional teams which will push your interpersonal skills.
Like all members of the LS&Co. Information Security Team, you will be an extended member of the Cybersecurity Incident Response Team. You will be expected to provide expert input and execute highly complex tasks during stressful situations.
You will need to maintain a strong knowledge of current security threats, techniques, attack types, as well as a dedicated and self-driven desire to research the current information security landscape. You will be expected to relentlessly seek to improve your knowledge and situational awareness of LS&Co. global business operations.
You will demonstrate excellent communication skills, analytical abilities and sound judgment, and you will work effectively with internal team members, including IT staff, management and partners.
Most notable is the expectation of personal growth and embracing the well-known, "other duties as assigned." We run a lean team here at LS&Co., which will give you a greater opportunity for exposure to a breadth of technologies and challenges you simply cannot encounter elsewhere.
To thrive in this role, you have
4-6 years of experience working within a 24x7 Security Operations Center (mandatory)
Knowledge of email security threats and security controls, including experience analyzing email headers
Ability to analyze and correlate incident data to develop a preliminary root cause and a corresponding remediation strategy
General knowledge of Linux/Unix and Microsoft security log types
Practical knowledge of network application logs, especially proxies, IDS/IPS, VPN, and stateful firewalls
Practical knowledge of endpoint security events from technologies such as anti-virus and EDR
Understanding of the Tactics, Techniques and Procedures (TTPs) used by threat actors
Good understanding of industry models such as the Cyber Kill Chain, the Diamond Model and the MITRE ATT&CK framework
Possess a security and analytical mindset, where the goal of triage and investigation is to determine why something occurred and whether it was expected in the environment.
Understanding of the incident response lifecycle at both technical and procedural level.
Practical knowledge of proactive threat hunting
Ability to document the triage methods used to investigate a security event
General understanding of sandbox analysis
General knowledge of cyber threat intelligence gathering and analysis, and of forensics, is a plus
Ability to take the lead on incident research when appropriate and to mentor junior analysts
Collaborative Skills:
Actively participate in our goal to continuously improve the way we work; identify improvement areas on our technology, process and techniques to enhance our detection and response capabilities
Collaborate with the SOC Engineer in identifying use cases that leverage existing tools to enable automation and improve detection.
Good knowledge of, and demonstrated experience with, incident response tools, techniques and processes for effective threat containment, mitigation and remediation.
Provide L3 support to the SOC team on escalated incidents.
Contribute to reporting on the team's operational metrics and KPIs.
Develop and maintain investigative and technical reports.
Serve as a Lead Responder on a global cybersecurity incident response team with a periodic on-call requirement.
Cybersecurity certifications preferred but not required.
LOCATION
Bengaluru, India
FULL TIME/PART TIME
Full time
Current LS&Co Employees, apply via your Workday account.