Lead Incident Response Security Analyst - Hybrid in Alpharetta, GA*
Optomi, in partnership with an IT Solutions company, is looking to add a Lead Incident Response Security Analyst to their growing team! The Lead Incident Response Security Analyst will be part of a team investigating events of interest and incidents as they are validated, prioritized, and categorized by the L1 and L2 analyst teams. The Lead Incident Response Security Analyst will investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of the company's, their partners' and customers' data and services.
What You Will Do:
- Lead in the Cyber Incident Response Plan process as the Cyber Incident Response Lead or Cyber Incident Commander, collaborating with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies
- Identify, develop, and operationalize security operations metrics to assist in maturing and enhancing visibility and global security capabilities
- Continuously improve incident response processes through automations, standardizations, and tools development, customization and/or controls deployments
- Participate in post-incident activities including coordinating and providing input reports and identifying areas for continuous improvements within the GSOC enablement, processes, or technology
- Escalate tickets as required to Director for additional scrutiny and incident declaration
- Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture
- Keep up to date with the latest security and technology developments; research and evaluate emerging cyber security threats and ways to manage them proactively
- Participate in threat hunts, blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements
- Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents. Mentor, coach and facilitate enablement opportunities to develop junior security analysts
What You Will Need:
- 6+ years of practical experience in leading incident response investigations, including malware analysis, and implementing containment strategies
- Experience in network, disk and memory forensics
- Experience with Splunk, EDR, email security, and cloud environments (GCP, AWS, and Azure)
- Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy
Nice to have:
- Bachelor's degree in computer science or a related discipline
- CISSP, CCSP, GIAC or other relevant cyber security certifications
- Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data
*This role is looking for someone open to working hybrid 2-3x per week. The company also has locations in Fort Lauderdale, FL, Seattle, WA, and San Francisco, CA for hybrid work.