Incident Responder

Centric Software

πŸ“Remote - Worldwide

Job highlights

Summary

Join Centric Software's security operations team as an Incident Response professional. This role involves managing and mitigating security incidents across the global enterprise, working closely with the Incident Response Manager. You will identify, triage, and resolve security threats, conduct post-incident analysis, and support forensic investigations. Strong cybersecurity experience with incident response is crucial, along with excellent communication skills. The ideal candidate will be able to work efficiently under pressure and collaborate effectively with cross-functional teams.

Requirements

  • Minimum of 3-5 years of experience in cybersecurity, with a strong emphasis on incident response
  • Familiarity with common security incident response methodologies and cyber-attack vectors (e.g., ransomware, phishing, malware, DDoS)
  • Experience working with security tools such as SIEM, IDS/IPS, firewalls, endpoint protection, and forensic analysis software
  • Strong written and verbal communication skills, with the ability to convey technical issues clearly to non-technical stakeholders
  • Ability to think critically and act swiftly in high-pressure situations to mitigate the impact of security incidents
  • Ability to engage with internal teams and external customers to provide updates and support during high-severity incidents

Responsibilities

  • Support in the identification and classification of security incidents, evaluating potential impact and severity to determine the appropriate response actions
  • Support the Incident Response Manager in the containment, investigation, and resolution of security incidents
  • Work closely with cross-functional teams to manage security events throughout the lifecycle
  • Collaborate in conducting post-incident analysis to determine the root cause of security breaches and assist in the implementation of measures to prevent future incidents
  • Support forensic investigations by collecting and analyzing digital evidence, ensuring proper preservation, and contributing to incident reports
  • Maintain accurate and detailed documentation of security incidents, including incident timelines, actions taken, and impact assessments
  • Utilize security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, endpoint protection) to detect and respond to incidents
  • Communicate effectively with both technical and non-technical teams to provide updates and report on the status of security incidents
  • Assist in conducting training sessions to raise awareness about security best practices and incident response procedures within the organization
  • Support the management of third-party tools and vendors used in incident response efforts to ensure their effectiveness and proper integration
  • Ensure that incident response efforts comply with relevant legal, regulatory, and contractual requirements

Preferred Qualifications

  • Industry certifications such as CISSP, CISM, GIAC (GCIH), or other relevant cybersecurity credentials
  • Forensics Expertise:
      • Experience with forensic tools like EnCase, FTK, Autopsy, Magnet Axiom, or X-Ways
      • Ability to analyze disk images, memory dumps, and logs to extract evidence
      • Understanding of data recovery techniques and chain-of-custody procedures
  • Incident Response Skills:
      • Proficiency in managing security incidents, including detection, containment, eradication, and recovery
      • Familiarity with EDR/XDR tools like CrowdStrike, SentinelOne, or Carbon Black
      • Experience with SIEM systems such as Exabeam, Splunk, ArcSight, or QRadar for log analysis and correlation
  • Malware Analysis:
      • Knowledge of reverse engineering and analyzing malicious code
      • Familiarity with tools like IDA Pro, Ghidra, or OllyDbg
  • Networking & Systems:
      • Strong understanding of TCP/IP, DNS, and other networking protocols
      • Experience with Windows, Linux, and macOS forensics
      • Ability to perform packet analysis using tools like Wireshark
  • Scripting & Automation: Proficiency in Python, PowerShell, or Bash for automating forensic or incident response tasks
  • Forensics-Specific Certifications:
      • GIAC Certified Forensic Analyst (GCFA)
      • EnCase Certified Examiner (EnCE)
      • Magnet Certified Forensics Examiner (MCFE)
      • Certified Hacking Forensics Investigator (CHFI)
  • Incident Response and Cybersecurity Certifications:
      • GIAC Certified Incident Handler (GCIH)
      • CompTIA Cybersecurity Analyst (CySA+)
      • Certified Information Systems Security Professional (CISSP)
  • Additional Skills:
      • GIAC Reverse Engineering Malware (GREM) for malware analysis
      • Offensive Security Certified Professional (OSCP) to understand adversarial tactics
