SAP Incident Response Analyst 

United States, Pennsylvania, Newtown Township 

80102843

The Role

Our incident handlers are responsible for triaging security alerts detected by Enterprise Detection and SIEM, analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, performing forensic investigations to determine the details around an attack, and providing guidance on remediation actions.

In this role, respond to alerts, perform root cause analysis, develop attack remediation strategies, and ensure the communication and handle escalations of security activities. You will also assist in the development of incident handling processes, standard operating procedures, playbooks and runbooks. Through developing workflow automation, you will lower response times.

You will work with Security Engineering teams to make improvements to detection and alerting mechanisms and conduct forensic investigations to determine incident details and provide supporting evidence.

Role Requirements

You should have extensive demonstrated experience in cyber-attack investigations and of working in a similar 24/7 environments managing cases with enterprise SIEM or Incident Management systems.

You will also need to have the following technical skills and experience:

• Ability to possess and maintain a U.S. Government/DoD Clearance.
• Security certification (e.g. Security+, GCIA, GCIH, CISSP)
• Knowledge of APT actors; their tools, techniques, and procedures (TTPs)
• Knowledge of TTP methods and frameworks
• Knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
• Knowledge of one or more
  • Windows/AD file system, registry functions and memory artifacts
  • Unix/Linux file systems and memory artifacts
  • Mac file systems and memory artifacts
  • Database, web application, cloud, or mobile device cyber incident response principals and techniques
  • Cybersecurity automation
  • Web servers and web applications.
  • SIEM (Splunk)
  • Security tools: IPS, Web proxy, Email proxy, pDNS, Deception, EDR etc....
• Experience with one or more scripting languages (Powershell, Python, Bash, etc.)
• Experience with integration of threat hunting and cyber threat intelligence into the incident response process
• Experience with information security compliance audit frameworks and requirements e.g. PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR and Data Privacy

We win with inclusion

PhiladelphiaJob Segment:Cloud, ERP, Information Security, Database, Engineer, Technology, Engineering