Incident Response Analyst

closed
Sourcepass

πŸ“Remote - United States

Summary

Join Sourcepass, an IT consulting company, as an Incident Response Analyst. This front-facing role involves directly handling incoming alerts and reports to maintain client security, acting as a subject matter expert for the SOC team. Responsibilities include incident response, investigation, recovery, and reporting, both remotely and on-site. You will also perform triage, patch vulnerabilities, and document procedures. The position reports to the Director of Incident Response and offers a salary of $70,000+ (negotiable based on experience). Sourcepass is a growing company with a strong track record and numerous awards. This is an opportunity to contribute to a successful and dynamic team.

Requirements

  • Bachelor’s Degree or better from an accredited institution
  • Willingness to learn and improve both core function skills and potential additional security role skills
  • Strong written and verbal communication skills, both internal and client-facing
  • Basic understanding of SOC practices and processes
  • Strong understanding of incident response practices and processes (familiarity with NIST SP 800-61r2, 800-83, and 800-86 desired; MITRE ATT&CK framework a plus)
  • Strong understanding of the Windows operating system (Linux and Macintosh a plus)
  • Strong understanding of the Windows ecosystem (Active Directory, Azure, Microsoft 365)
  • Experience with ticketing and tracking systems
  • Strong knowledge of networking protocols and topologies, as well as network analysis
  • Intermediate understanding of malware analysis
  • Analytical, problem-solving, and critical-thinking skills
  • Strong understanding of OS and network auditing

Responsibilities

  • Respond to incidents within client environments
  • Perform investigation, recovery, and reporting of such incidents
  • Travel onsite when required
  • Provide subject matter expert guidance to the Security Analysts
  • Monitor incoming alerts, reports, and metrics from a variety of systems to perform triage
  • Perform automated or manual patching of discovered vulnerabilities or misconfigurations
  • Clearly explain event sources and resolutions to clients
  • Clearly document steps taken
  • Follow documented procedures to drive resolution
  • Make recommendations for improvements to processes and tools

Preferred Qualifications

  • Knowledge of scripting languages (PowerShell, batch, etc.) a plus
  • Knowledge of compliance frameworks (HIPAA, PCI, Title 23 NYCRR 500, NIST SP 800-171, etc.) a plus
  • Security+, E|CIH, & GCIH certifications (or equivalents) all preferred

This job is filled or no longer available