KLA Sr Cybersecurity Analyst-Incident Response Hybrid 

United States, Michigan, Ann Arbor 

829363294

The Senior Cybersecurity Analyst is responsible for advanced incident response, threat huntingand maintaining the security tools that are used to secure our environment. This individual will have a specific focus on authoring detection rule-sets and generating and responding to tickets from our security tools and raising tickets (when appropriate) to relevant IT and Cybersecurity personnel.

• Act as an active member of the team, which monitors and process responses for security events on a 24x7 basis to include serving in a rotational on-call capacity.

• Plan and implement regular incident response and postmortem exercises, with a focus on crafting measurable benchmarks to show progress (or deficiencies requiring additional attention).

• Review and analyze cyber threats and provide SME support and training to junior level security analysts.

• Research adversarial detection evasion methods and develop new detection strategies to counteract these techniques.

• Analyze malicious code, scripts, attack techniques, or exploits to identify detection telemetry generated at a host and/or network level.

• Transform threat intelligence into effective detection logic and new signatures for integration with SIEM and EDR platforms.

• Evaluate existing detection rules and facilitate the development and tuning of AV, EDR, and SIEM rules to ensure high fidelity alerting.

• Communication with management as the need arises, keeping leaders informed of incident progress, notifying of impending changes or agreed outages.

• IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms.

• Compose security alert notifications.

• Advise incident responders in the steps to take to investigate and resolve computer security incidents.

• Actively preform detection, monitoring, analysis, and resolution of security incidents.

• Prioritize their own work to provide a positive customer experience.

• Participation in security incident handling efforts in response to a detected incident.

• Must maintain awareness of trends in security regulatory, technology, and operational requirements.

• Some domestic and/or international travel (up to 25%) may be required.

• Ability to communicate clearly with other team members

• Generate reports from different data sources and present to management when requested.

This is a Hybrid role and will be based out of our Midwest HQ in Ann Arbor, MI

Minimum Qualifications

• 5+ years of related experience in cybersecurity or related technologies such as:firewalls/AV/EDR/IPS/IDS/SIEMsystems.

• 5+ experience working in or with a Security Operations Center (SOC) in an Incident Responder role.

• Demonstrable experience developing behavioral-based signatures and indicators of compromise (IOCs) across host and network devices. There is a preference for Suricata experience, however familiarity using similar frameworks/methods (e.g. YARA, Sigma, STIX, Zeek, etc.) is acceptable.

• Experience with scripting languages such as Python, Bash, and PowerShell for task automation and analysis.

• Shown systems security exposure and proficiency in Operating Systems (Windows and Linux).

• Relevant security related certification(s) a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.

• Validated domain expertise in significant areas, such as incident response, intrusion analysis, incident handling, malware analysis, web security or security engineering.

• Strong working knowledge of common security appliances including: EDR, SIEM, AV, scanners, proxies, WAF, Netflow, IDS and forensics tools

• Ability to multi-task, adapt to changes quickly and handle heavy ticket volumes.

• Technical awareness: ability to match resources to technical issues appropriately.

• Ambitious and able to work in a fast-moving environment.

• Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and intrusion detection systems, and other security software packages.

• Knowledge of confidentiality, integrity, and availability principles.

• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS and directory services.

• Knowledge of authentication, authorization, and access control methods.

• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.