Job Description: Incident Response Analyst
Key Responsibilities:
- Tier 3 Security Incident Response :
- Conduct Tier 3 security incident response for application, network, and infrastructure security alert events.
- Utilize documented procedures and in-house security technologies to manage incidents effectively.
- Coordination and Task Assignment :
- Assign containment, eradication, and recovery tasks to appropriate resource teams.
- Ensure clear communication and coordination with relevant teams during incident response activities.
- Response Actions and Host Management :
- Perform response actions on managed hosts where the Security Operations Center (SOC) team has requisite access and permissions.
- Isolate suspected compromised or infected hosts and execute other pre-approved actions to disrupt cyberattacks.
- Incident Clarification and Communication :
- Clarify incident information and recommend containment, eradication, and recovery actions to the cyber defense team.
- Participate in cyber defense calls related to cybersecurity incidents and provide updates as needed.
- Peer Review and Quality Assurance :
- Conduct periodic peer reviews of Tier 2 analyst work to identify trends in effectiveness and areas for improvement.
- Provide constructive feedback to enhance the overall quality of incident response efforts.
- Escalation and Reporting :
- Engage relevant parties for issue escalation and reporting.
- Ensure timely communication of critical incidents and status updates to stakeholders, including executive management.
- Coordination and Best Practices :
- Collaborate with global teams to standardize incident response procedures and share best practices.
- Adapt response strategies to accommodate different regional and regulatory requirements.
- Continuous Improvement and Learning :
- Stay updated with the latest cybersecurity threats, trends, and technologies.
- Contribute to the development and enhancement of incident response processes and playbooks.
- Documentation and Analysis :
- Maintain comprehensive documentation of all incidents, actions taken, and lessons learned.
- Analyze incident data to identify patterns, improve detection capabilities, and prevent future incidents.
Qualifications:
- Extensive experience in cybersecurity, particularly in incident response and threat management.
- Proficiency in using security technologies and tools for incident detection and response.
- Strong knowledge of application, network, and infrastructure security.
- Excellent analytical, problem-solving, and decision-making skills.
- Ability to work under pressure and manage multiple incidents simultaneously.
- Strong communication and teamwork skills, with the ability to coordinate with cross-functional teams.
- Familiarity with global cybersecurity standards and regulatory requirements.
Additional Information: The Incident Response Analyst is a critical player in the organization's cybersecurity defense strategy. This role requires a proactive and agile approach to handling security incidents and a strong commitment to protecting the organization's digital assets and reputation. The Analyst must be prepared to respond swiftly and effectively to a wide range of cybersecurity threats, ensuring the organization remains resilient against evolving cyber challenges.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.