Security Analyst I
Job description
This position supports a Security Operations Center (SOC) by performing digital forensics, responding to security incidents, and enhancing the overall security posture. The analyst will act as a primary liaison for forensics tasks, support general SOC operational duties, and contribute to the development of cyber threat intelligence. This role requires working onsite and may include holiday and weekend shifts as part of a 24/7/365 operational environment.
- Serve as the primary liaison for forensics analysis tasks, including the analysis of digital media devices to identify, reverse engineer, and de-obfuscate content related to security incidents.
- Maintain and enhance the Digital Forensics Program, including process improvements and team upskilling.
- Support the SOC with general operational duties, such as handling security incidents for networks and systems.
- Augment cyber threat intelligence development and reporting generated from forensics investigations.
- Support the identification, development, and implementation of automation tasks for the SOC Forensics Program.
- Research, evaluate, and recommend new security tools, techniques, and technologies.
- Utilize tools and processes to scan, identify, contain, mitigate, and remediate vulnerabilities and intrusions.
- Perform analyses to validate and recommend security requirements and safeguards.
- Provide briefings to senior staff on the results of forensics investigations.
Requirements
Education: A Bachelor's degree in a related field is required. Additional experience can be substituted in lieu of education.
Experience: 0 years of related experience is required; 2 years of related experience is preferred.
Certifications: One of the following or similar industry-related certifications: Magnet Certified Forensics Examiner (MCFE), Encase Certified Examiner (EnCE), Digital Forensics Essentials (DFE), or GIAC Certified Forensics Analyst (GCFA).
Technical Skills:
- Experience with programming languages such as Python, C++, or JavaScript.
- Knowledge of evidence acquisition for the chain of custody process.
- Demonstrated experience in host, cloud, identity, and network forensics.
- Experience with packet capture, volatile memory, and suspicious script analysis.
- Familiarity with physical device imaging and digital forensics software.
- Experience with IDS/IPS, firewalls, and anti-virus/anti-malware technologies.
- Proficiency in incident response procedures.
- Experience analyzing security alerts via a Security Information and Event Management (SIEM) tool, such as MS Sentinel or equivalent.
- Ability to produce malware analysis technical reports.