Lead Analyst - CSIRT

As a Lead Analyst – CSIRT on the team, you’ll be the first line of response as you assess information security events and incidents across us and our customers’ environments.

Required Experience:


+ Years
Job Locations:


Location Restrictions:


Basic Qualifications and

In this role, you will collaborate and utilize problem solving skills as you work among a team of skilled analysts to address complex problems and add value to the organization and our customers. Our company is on a mission to protect and defend our customers, enable better risk-informed business decisions, and drive innovation and excellence within Cyber Security. Come be a part of a growing team that is doing important, challenging, and fulfilling work in support of that mission.

  • The Lead Analyst – CSIRT provides incident detection and response services for our CyberDNA managed NSM service. This role organizes and leads proactive hunts to identify anomalous activity indicative of active compromise, previous compromise, misconfigurations, or other notable observations to support the protection of our customers’ environments
  • Take work outputs from hunts and investigations and guide customers to take necessary action(s) in order to successfully remediate identified issues
  • Provide one-on-one mentoring to peers and junior analysts; serve as subject matter expert (SME) and escalation point for rest of the team
  • Develop and administer formal and ad-hoc team training courses
  • Development and maintenance of detection scripts, rules, signatures, and related logic
  • Find the bad guys and generally have fun (and satisfaction) kicking them out of places they shouldn’t be

Required Skills and Experience
  • Bachelor’s degree in computer science, information security or equivalent practical work experience.
  • 5-7+ years of hands-on experience responding to cyber attacks
  • Ability to work in a fast-paced, operational, and team-oriented environment (including non-standard work hours in response toInformation Security incidents)
  • Prior SOC/CSIRT experience in a 24x7 watch desk environment
  • Thorough understanding of intermediate to advanced security and network concepts (OSI model, Operating Systems, intrusion/detection, TCP/IP, ports, etc.)
  • Working knowledge of network monitoring, system log analysis, troubleshooting, and configuration control technologies
  • Experience with host and network-based security tools
  • Experience with network monitoring in a SOC environment and/or CSIRT team
  • Ability to demonstrate analytical mindset, close attention to detail, excellent critical thinking, logic, and adaptive learning (while balancing speed and thoroughness)
  • Ability to navigate ambiguity and develop working business relationships
  • Excellent written and verbal communication skills to present complex technical information and metrics to both technical and non-technical audiences; ability to speak authoritatively and confidently while balancing respect and & tact with customers

Interested in this position?
Fill out the form below!