Lead Analyst, Incident Response Employee Full Time

Symantec

Employee, Full-Time

NY

02/07/19

Lead Analyst, Incident Response

USA – New York, Remote

Description:

Who protects the protectors?

Defensive Cyber Operations (DCO) is Symantec’s dedicated internal cyber security team. We are dedicated to detecting and responding to any adversary in our diverse environment. We utilize Symantec’s world-class intelligence function, build best practice, and drive innovation for Symantec products and services by integrating them into our security operations. Consisting of experienced cyber security professionals, our team provides proactive and intelligence-driven incident response, detection, and threat hunting.

The successful candidate will be an experienced leader and investigator, with strong communication skills, a background of leading an incident response team, and conducting in-depth investigations across a variety of data sources and environments.

Responsibilities:

Analyze and respond to identified incidents, acting as the incident commander or technical lead when required

Execute the incident response process from preparation to post-incident

Apply knowledge of the incident response process and operational intelligence observed during past incidents to improve the response readiness of the organization

Plan and contribute to remediation and mitigation efforts with cross-functional business units

Cultivate and maintain relationships with external teams to support the incident response function

Develop and maintain incident response documentation

Plan and participate in cross-functional initiatives, such as tabletop exercises and red teaming

Required Skills

Minimum 7 years in cyber security operations and incident response, or comparable experience

Experience leading an incident response team and operating as an incident commander during incidents

Experience working in fast-paced environments and an appreciation of the tempo and pattern of work during an incident

Excellent interpersonal, organizational, communication, and writing skills

Detail oriented with excellent analytical and investigative skills

Clear understanding of adversary motivations, such as cybercrime, hacktivism, cyber espionage

Good understanding of basic cyber-intelligence techniques

In-depth technical knowledge in at least two of the following: Windows disk and memory forensics, *Nix disk and memory forensics, cloud-specific incident response techniques, network traffic analysis, static and dynamic malware analysis

Strong understanding of security operations concepts, such as perimeter defense, BYOD management, data loss protection, inside threat, adversary lifecycle analysis, risk assessment, and security metrics

Understanding of security’s role within the context of IT operations and how these operations may impact incident response

Understanding of basic computer science concepts, such as algorithms, data structures, databases, operating systems, networks, and tool development

Computer & IT , Computer Security , Analyst