Security Incident Response Analyst

Overview

Join to apply for the Security Incident Response Analyst role at Philtech Inc.. In this role, you will use your knowledge of industry best practices, good judgement, and problem-solving skills to execute security operations and incident response. You will be on the front lines of cyber defense for one of the largest retail organizations in the US. You should be adept at making good decisions under pressure and be able to quickly adapt to any security challenge. You will have a keen attention to detail and be disciplined in documenting process and procedures. You will also be in a support role for requests coming into the team making sure departmental SLAs are met. The Security Operations / Incident Response team goal is operational excellence, continual process improvement and customer service. It is part of Albertsons Companies 24/7 Security Operations Center and may involve shift work including day, evening, and weekend roles.

Main Responsibilities

• Perform log analysis and correlate disparate datasets to identify abnormal behavior.
• Respond to security events, driving issues to closure, and engaging all appropriate resources.
• Document Security process and procedures.
• Support service request in-take process and communicate back to requestors promptly.
• Provide enforcement of security policies, standards, and procedures.
• Knowing the latest on security technologies, trends, standards, and best practices.
• Participate Incident Response activities.
• Detecting, and analyzing cybersecurity threats.
• Working with our MSSP, responding to internal and external cyber security events.
• Ensure quality service delivery to internal customers across current and future capabilities including SIEM, Triage/Investigate/Response, Phishing Email Analysis and Response, Threat Detection Development.
• Ensure service incidents are closed within SLA.
• Ensure service metrics (SLAs/KRIs/KPIs) are met.
• Interface with our Cyber Threat Intelligence (CTI) team on detection development and new / upcoming threats.
• Will be working on Data Loss Protection.
• Other duties and responsibilities as assigned.
• This position will be a part of Albertsons Companies 24/7 Security Operations Center and may involve shift work including day, evening, and weekend roles.

What We Are Searching For

• Expert level knowledge and understanding of information technology systems and process.
• Experience with IT Service Management. Especially around the delivery of security services.
• Demonstrated and proven analytical, problem solving and troubleshooting skills.
• The ability to learn, understand and apply new concepts quickly.
• Experience writing detection rules, firewall rules, or any other similar detection capability.
• Comfortable with working with other internal or external organizations regarding security policy and standards violations, security controls failure and incident response situations.
• Ability to balance and prioritize work.
• Knowledge of information security principles and practice.
• A sound understanding of the OSI networking model.
• Advanced knowledge of networking protocols including DNS, TCP/IP, UDP.
• Experience with Windows Server/Workstation and Mac OS is required.
• Advanced level knowledge and experience with EDR, antivirus, anti-malware and proxy solutions.
• Must be trustworthy in keeping sensitive data confidential.
• Thorough understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them.
• Experienced and in-depth knowledge in Data Loss Protection.

We believe the successful candidate has these qualifications and experience:

• Experience working within Enterprise SOC operations.
• Experience with security operations technologies including SIEM, EDR, Cyber Threat Intelligence, Adversary Hunting, and Security Orchestration (SOAR) or other applicable experience.
• Comfortable participating in Incident Response Investigations, Incident Response Plan execution.
• Performing appropriate forensic procedures to capture and preserve evidence for future use and analysis in a manner that allows for appropriate chain of custody.

Send your application (CVs and/or portfolio) to

#J-18808-Ljbffr

---