Job Description
Job Title: Lead / Cybersecurity (Threat Detection & Response Analyst) Engineer
- Remote
- Conduct real-time analysis using the SIEM, Cloud, Endpoint and Network based technologies, and other security analytics tools with a focus on identifying security events and false positives.
- Correlate intelligence, to develop deeper understandings of tracked threat activity.
- Apply basic threat hunting techniques to pivot for given information to known attack patterns, malicious code families, tracked threat groups and other historical information.
- Pivot through open-source and internal frameworks for related data associated with potentially malicious Indicators of Compromise (IoCs) and Indicators of Attack (IoAs).
- Triage potentially malicious binaries and/or other types of malware, including familiarity with basic to intermediate static/dynamic analysis techniques.
- Prepare and report risk analysis and threat findings to appropriate stakeholders.
- Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
- Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise.
- Script basic tasks with high-level scripting languages, such as Python or PowerShell.
- Threat Detection & Response Playbook Development, Standard Operating Procedures, Amtrak ITSM Cyber Incident Management and Handling Playbook Development, Non-Cyber & Physical Incident Playbook Development
Apply tot his job
Apply To this Job