Incident Response Analyst

Summary

Join Sourcepass, an IT consulting company, as an Incident Response Analyst. This front-facing role involves directly handling incoming alerts and reports to maintain client security, acting as a subject matter expert for the SOC team. Responsibilities include responding to incidents, performing investigations and reporting, providing expert guidance to Security Analysts, and performing triage. The Analyst will also conduct patching and clearly explain events to clients. This position requires a Bachelor’s Degree, strong communication skills, and a solid understanding of SOC, incident response, and Windows systems. The schedule is Monday-Friday, 12am-9am EST. This is an independent contractor position.

Requirements

• Bachelor’s Degree or better from an accredited institution
• Willingness to learn and improve both core function skills and potential additional security role skills
• Both strong written and strong verbal communication skills, both internally and client-facing
• Basic understanding of SOC practices and processes
• Strong understanding of incident response practices and processes (familiarity with NIST SP 800-61r2, 800-83, and 800-86 desired; MITRE ATT&CK framework a plus.)
• Strong understanding of the Windows operating system (Linux and Macintosh a plus)
• Strong understanding of the Windows ecosystem (Active Directory, Azure, Microsoft365)
• Experience with ticketing and tracking systems
• Strong knowledge of networking protocols and topologies, as well as network analysis
• Intermediate understanding of malware analysis
• Analytical, problem solving, critical thinking skills
• Strong understanding of OS and network auditing

Responsibilities

• Respond to incidents within client environments. Perform investigation, recovery, and reporting of such incidents
• Travel onsite when required
• Provide subject matter expert guidance to the Security Analysts
• Monitor incoming alerts, reports, and metrics from a variety of a systems to perform triage
• Perform automated or manual patching of discovered vulnerabilities or misconfigurations
• Clearly explain event sources and resolutions to clients
• Clearly document steps taken
• Follow documented procedures to drive resolution
• Make recommendations for improvements to processes and tools

Preferred Qualifications

• Knowledge of scripting languages (PowerShell, batch, etc.) a plus
• Knowledge of compliance frameworks (HIPAA, PCI, Title 23 NYCRR 500, NIST SP 800-171, etc.) a plus
• Security+, E|CIH, & GCIH certifications (or equivalents) all preferred