Jr. Detection & Response Analyst
Plano, Texas, United States
Toyota Tsusho Systems
Summary:
We are seeking a highly motivated and experienced Junior Incident Detection & Response Analyst with 3-5 years of experience to join our dynamic Cyber Fusion Center Incident Detection team. This position is ideal for a candidate who is at the start of their cybersecurity career, bringing both basic SOC knowledge and experience of detecting threats and anomalies, as well as a strong passion for security and a willingness to grow their skill set. The successful candidate will be responsible for monitoring and responding to alerts to help prevent and mitigate cyberattacks.
Essential Functions:
• Work in a 24x7 Cyber Fusion Center to provide monitoring and detection/response services. Work various 10-hour shifts, including weekends, and work both day and night shifts. Shifts rotate quarterly.
• Use Splunk and Microsoft Sentinel to search for named patterns, build Sentinel workbooks that help customers understand log/event correlations, and build search queries in Splunk/Sentinel.
• Detect and respond to security incidents by leveraging detection/response platforms.
• Triage security incidents and perform in-depth analysis using cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices.
• Escalate cybersecurity events according to playbooks and standard operating procedures (SOPs).
• Support Incident Response efforts as needed, including providing counsel and working with the IR team, as well as other involved stakeholders within the organization and customers, to drive remediation activities forward.
• Assist with containment and remediation of threats during incidents. Use the internal ticketing system to track investigated incidents and capture relevant details.
• Conduct threat hunting activities based on internal and external threat intelligence.
• Assist with service requests from customers and internal teams.
• Identify, recommend, coordinate, and deliver timely knowledge to support teams.
• Report all information to the supervisor and upper management with updates as requested, and respond to requests for information and assistance, including project progress and problems, particularly regarding changes in schedule, resources and scope.
• Contribute to the creation of documentation to standardize processes and procedures, including playbooks to improve internal processes and procedures.
• Work with team to establish repeatable and constantly improving processes.
• Serve as a mentor and provide training to other team members as needed.
• Other tasks and responsibilities as assigned by leadership.
Requirements
Required Education & Experience:
- At least 3 years of cybersecurity experience with a focus on Incident Detection, Incident Response and/or Security Operations.
- BA/BS in Computer Science, Information Security, or Information Systems, or equivalent related work experience.
- Experience interfacing with internal and external customers, providing remediation actions to non-technical audiences.
- Working knowledge of enterprise-level security technologies such as SIEM and ticketing systems.
- Experience in a highly collaborative environment with a focus on project delivery and desired business outcomes.
- Experience with Sentinel and other SIEM platforms, enterprise intrusion prevention systems, endpoint detection and response tools, and other security products.
Preferred Qualifications:
- Security certifications: CASP+, EC-Council Certified Incident Handler v2, IHRP, Network+, Security+, Defender Ninja, or Sentinel.
- Technical certifications such as GCIA, GCFA, GCIH or CASP are a plus.
Competencies:
- Experience working with cyber security tools and software such as Sentinel, Splunk, ATP, Symantec Endpoint, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.
- Excellent critical thinking, logic, and solution orientation; ability to learn and adapt quickly.
- Ability to learn and operate in a dynamic environment.
- Detail-oriented, with strong analytical and problem-solving skills.
- Strong verbal and written communication skills.
- Proficient with Microsoft Office (Word, Excel, PowerPoint) and documentation skills.
Other Duties:
- Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Position Type/Expected Hours of Work:
- This is a full-time position. Ability to work various 10-hour shifts, including weekends and holidays, supporting the 24x7 Cyber Fusion Center. Must be able to work both day and night shifts. Shifts rotate quarterly.
Travel:
- This position may require 5% or less travel.