Cyber Incident Response Analyst II (Remote)

At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.

We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways. 

Are you curious about being part of our growth stor​y while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.

Job Summary

The Iron Mountain Cyber Incident Response Team (CIRT) is responsible for detecting and investigating information security incidents across the global enterprise.  The team coordinates with key stakeholders to gather incident details, assess the impact, and leads response and recovery efforts.  The Cyber Incident Response Analyst II reports to the CIRT Director and will be responsible for the review of information security alerts to identify potential threats to Iron Mountain assets and to assist with the incident response.  The CIRT Analyst II will have the opportunity to contribute to a highly visible information security function with accountability for managing internal and external security incidents as well as responsibility for enhancing the firm’s posture against evolving cyber security threats.

Skills and Requirements

Security Alert Management/Threat Hunting

• Monitor and analyze network and host based security events and logs to identify potential security threats.

• Prioritize and differentiate between potential intrusion attempts and false alarms.

• Properly respond to alerts that require incident response review.

• Assist with incident response investigations.

• Assist with development and tuning of threat rules and indicators of compromise.

Incident Response

       Assuming more independence with:

• Responding to security incidents according to the Computer Security Incident Response Plan.

• Providing guidance to first responders for handling information security incidents.

• Coordinating efforts among multiple business units during response.

• Providing timely and relevant updates to appropriate stakeholders and decision makers.

• Providing investigation findings to relevant business units to help improve information security posture.

• Validating and maintaining incident response plan and playbooks to address potential threats.

• Compiling and analyzing data for management reporting and metrics.

• Provide rotational on-call support for assessing potentially critical alerts escalated by off-hours monitoring team.

Threat Management

• Monitor and analyze threat intelligence data received from cyber threat vendors.

• Monitor information security related websites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (SANS NewsBites, etc.) to stay up to date on current attacks and trends.

• Analyze potential impact of new threats and exploits and communicate risks to relevant business units.

Qualifications

• Three or more years of technical experience in the information security field, preferably in a Security Operations Center (SOC), Network Operations Center (NOC), or Computer Emergency/Incident Response Team (CERT/CIRT)

• Three or more years of practical experience in an incident response role

• Advanced knowledge of information systems security concepts and technologies, including SIEM technologies, network architecture, database concepts, intrusion detection, cloud security, endpoint protection, email protection, malware remediation; and computer forensic tools such as EnCase and open source alternatives.

• Familiarity with security frameworks, such as NIST, and compliance standards such as HIPAA, GDPR and PCI.

• Advanced knowledge and experience with the Windows and Linux operating systems

• Working knowledge of and experience in investigating malicious code

Demonstrated ability to apply technical and analytical skills in a security environment

• Ability to work extremely well under pressure while maintaining a professional image and approach

• Strong data analytics abilities; can perform independent analysis and distill relevant findings and root cause

• Strong analytical writing skills; can articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports

• Team player with proven ability to work effectively with other business units, IT management and staff, Legal, vendors, and consultants

• Strong communication skills; can plan and lead effective meetings, conduct structured interviews to collect information, and present to a variety of audiences, including key stakeholders and decision makers

• Experience in the following or similar tools: IBM QRadar, Splunk Enterprise Security, Crowdstrike Falcon, Check Point Next Generation Appliances, McAfee IPS, Tenable, Tanium, Wireshark, Riverbed Cascade, Encase, and coding languages such as Perl or Python

Education/Certifications

• Bachelor’s degree in management information systems, computer science, or related discipline is desired.

• Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical technical backgrounds will also be considered.

• SANS certifications (GSEC, GCIH, GCFA or GCIA) and EnCER certification(s) desired.