
Senior Threat Analyst, Incident Handler Tier II

ClearDATA | United States | Remote, Onsite
This job is no longer open

The Senior Threat Analyst, Incident Handler, plays a critical leadership role in our Security Operations Center (SOC), serving as a technical expert and mentor for our Threat Analyst team. You will be responsible for leading complex investigations of security incidents impacting customer cloud environments (AWS, Azure, GCP). Your expertise will extend beyond investigation to include threat hunting, containment activities, and clear communication with customers during critical incidents. By mentoring junior analysts and collaborating with Tier 3 analysts, you will ensure our SOC remains at the forefront of cloud security defense. 

Responsibilities:

Advanced Threat Investigation and Hunting:

  • Lead complex investigations of security incidents, leveraging your in-depth knowledge of cloud security, incident response best practices, and XDR capabilities (SIEM, EDR, SOAR, Vulnerability Detection, etc.). 
  • Conduct advanced log analysis, file analysis, memory forensics, and network traffic analysis to identify sophisticated threats, understand attacker tactics, techniques, and procedures (TTPs), and determine the scope of the compromise. 
  • Partner with the Threat Intelligence team to develop and refine threat hunting criteria, proactively searching for potential threats based on the latest threat intelligence and customer environment specifics. 
  • Utilize your expertise to identify and analyze emerging threats specific to cloud environments and proactively update investigation methodologies to stay ahead of evolving attack vectors.

Direct Containment, Eradication, and Recovery Efforts:

  • Develop and implement effective containment strategies (with customer approval) to isolate compromised systems, disrupt ongoing attacks, and minimize potential damage to customer cloud environments. 
  • Lead the eradication phase, collaborating with customer security contacts and Tier 3 analysts to remove all traces of malware or malicious actors from compromised systems. 
  • Collaborate with other Tier 2 and 3 analysts and customer security contacts involved in recovery efforts, ensuring a comprehensive and secure restoration of affected systems and data for the customer.

Security Rule Management:

  • Manage and refine security rules within the XDR system (SIEM, EDR, etc.) to optimize threat detection capabilities for customer cloud environments. 
  • Analyze security rule performance metrics and identify opportunities for fine-tuning rules to minimize false positives and ensure effective detection of potential threats. 
  • Collaborate with the Threat Intelligence team to incorporate the latest threat intelligence into security rule development and updates. 

Mentorship and Team Leadership:

  • Provide mentorship and guidance to junior Threat Analysts, coaching them on advanced investigation techniques, threat hunting methodologies, and effective communication during incident response. 
  • Review and provide constructive feedback on their investigation reports and incident response plans, fostering continuous improvement within the Threat Analyst team. 
  • Foster a collaborative learning environment, encouraging knowledge sharing and the development of team expertise in cloud security incident response. 

Customer Communication and Incident Management:

  • Manage communication with customer security contacts during critical incidents, clearly explaining the situation, potential impact, and proposed solutions. 
  • Address customer concerns with empathy and professionalism, maintaining a positive relationship throughout the incident response lifecycle. 
  • Document all communication with customers and maintain a clear audit trail for future reference. 

Qualifications:

  • 5+ years of experience in a security operations center (SOC) or incident response role. 
  • Extensive experience in analyzing and investigating security incidents (including malware analysis, forensic investigations). 
  • Solid understanding of threat hunting methodologies and advanced investigation tools. 
  • Proven ability to lead and coordinate incident response activities. 
  • Excellent communication and collaboration skills, with the ability to explain complex technical information to non-technical audiences. 
  • Proficiency in cloud security concepts and best practices within AWS, Azure, or GCP. 
  • Experience with healthcare applications and industry-specific threats is a strong plus. 

Preferred Qualifications:

  • Relevant certifications (e.g., GCIH, GCFE, GCFA, GCIA, CISSP, CCSP) 
  • Experience in the healthcare industry. 

Life at ClearDATA

ClearDATA is the market leader for cloud computing and information security services for the healthcare industry. ClearDATA's innovative, HITRUST-certified cloud solutions protect customers from data privacy risks, improve their data management, and scale their healthcare IT infrastructure, enabling the industry to focus on making healthcare better by improving healthcare delivery. Our Healthcare Managed Cloud Platform and Services helps Providers, Pharma, Payers and Healthcare Product Technology organizations:

  • Modernize their infrastructure by integrating and moving to public clouds 
  • Significantly improve security and compliance 
  • Enable data environments for analytics, artificial intelligence (AI) and machine learning 

We're hiring! https://www.cleardata.com/about-us/join-the-team/

Thrive Here & What We Value:

  • Experience in the healthcare industry. 
  • Exposure to cutting-edge technologies and services. 
  • Rewarding environment for high performers. 
  • Collaborative team valuing diverse perspectives and fresh ideas. 
  • Flexible working hours. 
  • Comprehensive benefits: Medical, Dental, Vision, HSA, Life, 401K. 
  • Unlimited vacation. 
  • Mission-driven organization protecting patient data and outcomes. 
  • Opportunities for professional growth and development. 
  • Flexible work schedule options. 
  • Stock options. 