Senior Cyber Incident Response Engineer - REMOTE - Simple Solutions
Jacksonville, FL 32206
About the Job
Senior Cyber Incident Response Engineer
Location: REMOTE
Duration: 6-Month Contract to Hire
Client: CVS Health/WWT
Interview Process: Technical screen, then a CVS scenario assessment based on EDR data; candidates who pass the assessment have a 30-minute interview with the hiring manager and two other CVS team members.
Position Overview:
The Senior Cyber Incident Response Engineer will play a crucial role in our Security Operations Center, responsible for monitoring, analyzing, and responding to security incidents. This individual will leverage their expertise in at least three of the following technologies: Splunk, CrowdStrike, Defender, Mimecast, and Anomali, to enhance our threat detection and response capabilities. The ideal candidate will have a strong background in cybersecurity, excellent analytical skills, and a proactive approach to identifying and mitigating security threats.
Key Responsibilities:
Threat Detection and Analysis:
- Monitor security events and alerts from various sources, including SIEM systems, IDS/IPS, and endpoint protection platforms.
- Conduct in-depth analysis of security incidents to determine the root cause, impact, and appropriate remediation steps.
- Utilize expertise in Splunk, CrowdStrike, Defender, Mimecast, and/or Anomali to enhance threat detection and response processes.
Incident Response:
- Lead the investigation and resolution of complex security incidents, coordinating with other teams as necessary.
- Computer incident response leadership.
- Log analysis.
- Forensic image analysis.
- Timeline analysis.
- Kill Chain analysis.
- Threat modeling.
- Preparation of incident status and reports.
- Develop and implement incident response playbooks and procedures to ensure timely and effective incident handling.
- Perform post-incident analysis to identify improvements and prevent future occurrences.
Security Monitoring:
- Configure and fine-tune security monitoring tools and technologies to optimize detection capabilities.
Collaboration and Communication:
- Interface with various business units, IT leads, third parties supporting customers' IT operations, Security, Operations, and law enforcement.
- Communicate effectively with stakeholders, providing clear and concise reports on security incidents and SOC activities.
Required Qualifications/Skills:
- Minimum of 5 years of experience in information security, SOC, or similar cybersecurity roles, with experience in the health services or financial industries.
- 2+ years of CIRT incident response is REQUIRED.
- Proficiency in at least three of the following technologies: Splunk, CrowdStrike, Defender, Mimecast, and Anomali.
- Experience with the following information security technologies and principles:
- Firewalls.
- Proxy.
- Malware sandboxing and reverse engineering.
- EDR.
- AV.
- DLP.
- UEBA.
- Kill Chain Analysis