RESPONSIBILITIES

Kforce is seeking a full-time Incident Response Root Cause Analyst to remotely support our enterprise technology client based in Austin, TX.

Overview

This role requires experience in all phases of Cybersecurity Incident Response including preparation, analysis, notification, response, recovery, and post-mortem as well as an understanding of Cybersecurity Engineering and Operations. The focus of the role is primarily understanding security incidents, incident trending, root cause analysis (RCA), business impact, and alignment of control capabilities to detect and block threats to meet the needs of the company and its various lines of business. Through root cause and business impact assessment, the work product delivered by this role will enable the continual improvement of CSIRT's technical investigative capabilities (process, technology, visibility) by improving coverage of existing controls and remediating existing gaps or constraints.

Key Responsibilities

- Review trending of IR incidents and impact on the business and possible remediation activities
- Perform technical cyber security investigations on security incidents, root cause analysis, recommend and mitigate the effects caused by an incident
- Provide technical Incident Response guidance to the Incident Response teams as needed
- Mature the CSIRT and Cybersecurity processes to ensure they meet the needs of the global business and are adhered to
- Assist with the creation and refinement of CSIRT requirements and recommendations to Cybersecurity and IT architecture and engineering teams
- Participate in IR shift handoff activities to understand day-to-day operational issues faced by IR teams
- Interface with Cybersecurity Architecture, Engineering, and Operations teams to provide feedback on gaps in existing control coverage that could be improved as a result of Incident Post Mortem activities

REQUIREMENTS

- 6+ years of hands-on experience with a focus in areas such as systems, network, or information security/cybersecurity
- 4+ years of cybersecurity Incident Response experience
- Should possess one or more of the following certifications: CISSP, SANS GCIH, GCIA, GNFA, GREM
- Exceptional ability to conduct cybersecurity investigations, analyze and distill relevant findings and determine root cause
- Strong knowledge of security technologies such as SIEM, Full packet capture, Firewall/NGFW, IDS/IPS, EDR, DLP, UEBA
- Strong knowledge of web technologies, networking protocols, Microsoft Windows and Linux/Unix platforms and tools with related experience in corporate infrastructures
- Strong technical experience and familiarity with various types and techniques of cyber-attacks, and with the incident response and threat hunting lifecycles
- Excellent analytical thinking, time management and coordination skills and excellent command of English (both written and verbal)
- Ability to work in a dynamic and multicultural environment, with a positive and professional attitude

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Posting ID: 596179664
Posted: 2021-01-04