As a member of our Security Operations Team, you will lead and collaborate with a team of analysts to monitor and respond to security events, lead security incidents as Sr. Incident Handler, and lead triage and digital forensic investigations in support of the TNS corporate and production environments.
Although you will be focused on security incident response, you will also create and maintain runbooks, automate workflows, and assist in process refinement and implementation. You will collaborate with a diverse team of analysts supporting both on-prem and cloud environments. You will be responsible for bringing security expertise to the team to document and manage technical training, so analysts have clear progression paths for success within the TNS Security Operations Center.
Responsibilities:
- Perform top-level threat analysis and investigate security events
- Monitor security events and provide technical analysis on alerts
- Lead security incidents and employee investigations, taking the technical lead to provide effective monitoring and incident management actions aligned with the MITRE ATT&CK framework
- Understand and be able to apply the MITRE ATT&CK framework to security events
- Understand CSIRT functions and lead technical analysis, containment, and eradication of security events and incidents
- Act as Security Incident Commander for high impact security breaches and advanced attacks in accordance with TNS incident response process
- Deliver security guidance clearly and concisely for incident response and insider threat initiatives
- Attend internal meetings as a technical representative of the SOC and communicate factual and actionable information relating to events of interest and incidents
- Engage vendor and TNS technical teams to collaborate and challenge any areas where improvement is required to keep TNS secure
- Provide technical data to management in a clear format to illustrate Key Performance Indicators
Qualifications:
- 4+ years of experience in Security Incident Response
- Ability to communicate investigative findings and strategies to technical staff, executive leadership, and legal
- Ability to build scripts or tools to support TNS’s investigation processes; proficiency in PowerShell, Bash, or Python is a plus
- Mentor and train security operations analysts on data collection, analysis, and technical reporting
- Practical experience acting as a lead during security incident response, including triage, and coordinating across teams
- Ability to work with a team to complete initiatives while working well under pressure to rapidly investigate incidents
- Understanding of analysis and forensics techniques on macOS, Windows, and Linux
- Practical experience with orchestration tools such as SOAR
- Experience utilizing SIEM tools to perform log reviews
- Experience in cloud architecture and security (AWS primarily) and cloud-based services
- CrowdStrike experience a plus
An ideal candidate also has:
- 4+ years of experience working on insider threat initiatives or employee investigations
- Associate's or Bachelor's degree in Computer Science, Information Security, or a related field
- GIAC Certified Incident Handler (GCIH), Security+, or CySA+ certification
- Familiarity with common security frameworks and standards, including PCI DSS, the NIST Cybersecurity Framework, and ISO 27001