Digital Forensics and Incident Response Analyst

They gather information about your interactions on the site, such as which pages you visit frequently, how long you stay, and the links or buttons you click. They help us record any difficulties you have with the website and help us to evaluate the effectiveness of our advertising. By analyzing this data, we can understand what aspects of our site are effective and identify areas for improvement.* This is a secondary processing purpose.* This is a secondary processing purpose.* This is a primary processing purpose.* This is a secondary processing purpose.Incident Response Analyst page is loaded## Incident Response Analystlocations: Manila: Remote-Philippinestime type: Full timeposted on: Posted Todayjob requisition id: R As the global leader in high-speed connectivity, Ciena is committed to a people-first approach. Our teams enjoy a culture focused on prioritizing a flexible work environment that empowers individual growth, well-being, and belonging. We’re a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.**The Security Organization**The Security team at Ciena is a tightly knit group of skilled professionals who share the same passion for defending against cyber criminals. With the increase in volume and sophistication of cyber-crime, we are growing and have tons of exciting work planned.**Key Responsibilities*** **Incident Response Leadership** + Lead the detection, containment, eradication, and recovery phases of cybersecurity incidents in collaboration with the SOC and other teams. + Coordinate and facilitate the Extended Security Incident Response Team (ESIRT) during high-severity incidents. + Develop and maintain incident response playbooks, procedures, and workflows to improve readiness and efficiency.* **Digital Forensic Analysis** + Perform host forensic analysis on Windows based systems. + Conduct network forensics by leveraging disparate log sources to include firewall logs, NetFlow, full packet capture, and various intrusion detection/prevention logs. + Leverage available tooling to contain and eradicate a threat actor's presence from the network when responding to live intrusion events. + Understand the capabilities of malicious binaries and scripts through usage of sandbox environments and static analysis.* **Tabletop Exercises (TTXs)** + Design, develop, and lead regular Tabletop Exercises (TTXs) to test and enhance the organization’s incident response capabilities. + Evaluate the performance of participants during TTXs and provide actionable feedback for improvement. + Maintain detailed records and reports of TTX outcomes to guide future training and preparedness.* **Proactive Threat Hunting** + Conduct regular proactive threat-hunting activities to identify potential risks, vulnerabilities, and indicators of compromise (IOCs). + Utilize advanced tools, techniques, and threat intelligence to uncover malicious activity within the environment. + Collaborate with the SOC to refine detection mechanisms and improve response capabilities based on threat-hunting findings.* **Collaboration and Communication** + Work closely with the SOC, Security Architecture, IT, and other teams to enhance incident response and threat-hunting processes. + Serve as a liaison between technical teams and executive stakeholders during incidents, providing clear and concise updates. + Represent the organization in external threat-sharing communities and partnerships to stay ahead of emerging threats.* **Process Development and Maintenance** + Continuously improve incident response processes and threat-hunting methodologies. + Ensure compliance with relevant regulations, industry standards, and company policies in all incident response activities. + Maintain detailed and accurate documentation of incidents, investigations, and lessons learned.**Qualifications*** **Education:** + Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field or equivalent experience. + Relevant Certifications pertaining to DFIR are desirable but not required.* **Experience:** + 3-5+ years of experience in cybersecurity, with a focus on incident response and threat hunting. + Experience in Digital Forensics and Incident Response ("DFIR") consulting or IR within a global organization is highly desirable.* **Skills** + Strong knowledge of incident response methodologies, threat-hunting, cyber threat intelligence research, and cybersecurity tools (e.g., SIEM, EDR, forensic tools). + Familiarity with digital forensics and Windows based artifacts. + Strong understanding of attacker Tactics, Techniques, and Procedures ("TTPs"). + Proficiency in scripting and automation (e.g., Python, PowerShell) is a plus. + Strong analytical, communication, and organizational skills.* **Other Requirements:** + Ability to work effectively in a fast-paced, 24/7/365 environment, including participating in on-call rotations as needed. + Strong problem-solving skills with a focus on collaboration and teamwork. + Experience designing and leading Tabletop Exercises is a significant advantage.#LI-SM #LI-Remote #LI-HybridJoin our to get relevant job alerts straight to your inbox. At Ciena, we are committed to building and fostering an environment in which our employees feel respected, valued, and heard. Ciena values the diversity of its workforce and respects its employees as individuals. We do not tolerate any form of discrimination.Ciena is an Equal Opportunity Employer, including disability and protected veteran status.If contacted in relation to a job opportunity, please advise Ciena of any accommodation measures you may require.#J-18808-Ljbffr