Responsible for conducting Cybersecurity incident and forensic investigations. They will be responsible for collecting, preserving, analyzing, and presenting evidence in support of investigations. The incident handler role will be a first responder to security alerts, assessing, and quickly containing malicious activity. The Security Incident Response Engineer will support a 24x7x365 Security Operations Center and must be able to adjust to a flexible work schedule when necessary.

Skills:

Incident Response, Splunk, SIEM, forensics

Top Skills Details:

Incident Response,Splunk,SIEM,forensics

Additional Skills & Qualifications:

Essential Job Duties & Responsibilities

• Identifies, investigates, and responds to threats.
• Conducts host and network forensic investigations across a range of environments, including log analysis and malware triage in support of incident response investigations.
• Take lead on overnight containment action and begin root cause analysis
• Leveraging forensics tools, techniques, and capacities to support account take over (ATO) investigations.
• Research security trends and recommend security tool optimization. Engage engineering staff and management for approval and assist in implementation.
• Ensure SOC Security Tools are working within tolerance levels
• Must be able to adjust to a flexible work schedule when necessary
• Collects additional context using Threat Intelligence and Security Operations Center data in support of investigation and analysis.
• Creates actionable after-incident reports for Security management and technical teams.
• Reports and trends cyber incident activity and account takeover activity.
• Provide training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff.
• Maintains Incident response operating procedures, playbooks, tooling, and technical documentation. Completing updates as needed.
• Works with other areas of the company, finding common ground to ensure a smooth Security Incident Response process.
• Support projects that drive continuous improvement of the Incident Response program
• Ability to work outside of normal working hours as required due to critical incidents or emergency calls.
• Other duties as assigned.

Knowledge, Skills & Abilities

• Experience with investigating using a wide variety of detective technologies such as SIEM, SOAR, packet capture analysis, host forensics and memory analysis tools.
• Experience with authentication, authorization, and auditing technologies and how they are implemented in different environments.
• Security Incident Response methodologies and frame

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.