Incident Response Analyst (DFIR)

at Teksystems in Chicago, Illinois, United States

Job Description

Description:

The digital forensic/incident response analyst is a key member of an organization’s cybersecurity team who identifies, investigates, and responds to security incidents. Their primary role is to ensure that incidents are handled efficiently and effectively, minimizing damage and allowing operations to resume as quickly as possible.

Subject matter expertise including:

- Demonstrate and provide in-depth knowledge of threat actor tactics, techniques, and procedures (TTPs), log analysis, network traffic analysis, and analysis of system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise

- Provide forensic tool expertise with proficiency in using software such as Magnet Forensics, Joe Sandbox, IDA Pro, and/or Wireshark

- Support Malware Analysis to understand its behavior and impact as well as identifying indicators of compromise (IOCs)

- Document investigative findings in a manner aligned with Processes & DFIR best practices

- Support Incident Reporting for management, legal, and regulatory purposes

- Organize, perform, and support Cybersecurity tabletop exercises

- When not addressing an active IR investigation:
  - Lead & assist with IR process workflow improvements
  - Lead & assist with threat hunting activities to identify unknown threats and posture gaps

Skills:

incident response, security, endpoint

Top Skills Details:

incident response, security, endpoint

Additional Skills & Qualifications:

Subject matter expertise including:

- Performing rapid response and triage of security incidents, data breaches, malware infection, & other system compromises as escalated by the Cyber Defense Operations Center (CDOC)

- Perform containment & eradication by assessing the situation, containing threats, & eradicating them from affected systems

- Adhere to strict procedures for evidence collection, ensuring the integrity of digital evidence throughout the investigation (Chain of Custody)

- Facilitate communication and collaborate with internal teams, management, and external stakeholders to provide timely updates on incident progress

- Familiarity with security controls/tooling used by the client in an IR capacity, such as:
  - SIEM: Splunk and Elasticsearch
  - Splunk SOAR (for case management)
  - Endpoint: Microsoft Defender for Endpoint, CrowdStrike, Wazuh, & Tanium
  - Network: Netskope SWG and CASB, Palo Alto IPS, Cloudflare WAF, ExtraHop, & NetWitness
  - IAM: Azure AD

Experience Level:

Intermediate Level

About TEKsystems:

We’re partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That’s the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

Job Posting: JC262688363

Posted On: Jul 17, 2024

Updated On: Jul 20, 2024