Lead Analyst, Incident Response
USA – New York, Remote
Who protects the protectors?
Defensive Cyber Operations (DCO) is Symantec’s dedicated internal cyber security team. We are dedicated to detecting and responding to any adversary in our diverse environment. We utilize Symantec’s world-class intelligence function, build best practice, and drive innovation for Symantec products and services by integrating them into our security operations. Consisting of experienced cyber security professionals, our team provides proactive and intelligence-driven incident response, detection, and threat hunting.
The successful candidate will be an experienced leader and investigator with strong communication skills and a background in leading an incident response team and conducting in-depth investigations across a variety of data sources and environments.
Analyze and respond to identified incidents, acting as the incident commander or technical lead when required
Execute the incident response process from preparation to post-incident
Apply knowledge of the incident response process and operational intelligence observed during past incidents to improve the response readiness of the organization
Plan and contribute to remediation and mitigation efforts with cross-functional business units
Cultivate and maintain relationships with external teams to support the incident response function
Develop and maintain incident response documentation
Plan and participate in cross-functional initiatives, such as tabletop exercises and red teaming
Minimum 7 years in cyber security operations and incident response, or comparable experience
Experience leading an incident response team and operating as an incident commander during incidents
Experience working in fast-paced environments and an appreciation of the tempo and pattern of work during an incident
Excellent interpersonal, organizational, communication, and writing skills
Detail oriented with excellent analytical and investigative skills
Clear understanding of adversary motivations, such as cybercrime, hacktivism, and cyber espionage
Good understanding of basic cyber-intelligence techniques
In-depth technical knowledge in at least two of the following: Windows disk and memory forensics, *Nix disk and memory forensics, cloud-specific incident response techniques, network traffic analysis, static and dynamic malware analysis
Strong understanding of security operations concepts, such as perimeter defense, BYOD management, data loss protection, insider threat, adversary lifecycle analysis, risk assessment, and security metrics
Understanding of security’s role within the context of IT operations and how these operations may impact incident response
Understanding of basic computer science concepts, such as algorithms, data structures, databases, operating systems, networks, and tool development