Incident Response Analyst Team Lead

Summary

Join Thrive's expanding security team as an experienced Incident Response Analyst Team Lead. Lead incident response efforts, mentor analysts, and enhance customer security by preventing, detecting, analyzing, and responding to cybersecurity incidents. Handle high-priority incidents, refine response processes, and mentor team members. The ideal candidate possesses leadership, technical expertise, and a passion for incident response and forensics. This pivotal role involves utilizing cutting-edge technology and robust processes to ensure operational excellence. Thrive offers a work hard, play hard environment with guidance, training, and experience to build a lucrative career.

Requirements

• Demonstrated experience in incident handling, escalation management, or leading high-priority incident investigations
• Demonstrated expertise in best security practices and incident response methodologies
• Advanced knowledge of: Security Information and Event Management (SIEM) tools
• Networking (TCP/IP, routing, and switching)
• IDS/IPS, penetration testing, and vulnerability assessments
• Windows, UNIX, and Linux operating systems
• Network protocols and packet analysis tools
• Endpoint Detection and Response (EDR), antivirus, and anti-malware tools
• Content filtering and email/web gateways
• Hands-on experience in forensics, malware analysis, and intrusion detection
• Familiarity with industry frameworks such as MITRE ATT&CK and the Cyber Kill Chain
• Proven ability to communicate complex security issues to clients, peers, and management
• Strong analytical, problem-solving, and decision-making skills
• Adaptability to rapidly evolving situations and technologies
• Ability to participate in an on-call rotation for high-priority incidents

Responsibilities

• Provide mentorship, coaching, and guidance to SOC Analysts and Incident Response Analyst
• Foster collaboration across teams to enhance threat intelligence sharing and operational efficiency
• Act as a point of escalation for complex investigations and high-priority incidents
• Lead incident response and threat hunting efforts for confirmed high-priority security incidents, ensuring resolution and documentation
• Investigate intrusion attempts, differentiate false positives from actual threats, and perform in-depth analysis of exploits
• Proactively monitor and respond to emerging threats using advanced tools and methodologies
• Conduct forensic analysis, including memory and disk imaging, to identify evidence of compromise and attacker activity
• Collect, preserve, and analyze digital evidence to support investigations and potential legal actions
• Utilize forensic tools to uncover artifacts such as deleted files, malware remnants, and network traces
• Develop and maintain incident response playbooks, ensuring alignment with the overall security strategy
• Conduct regular reviews and updates of playbooks to address evolving threats and technologies
• Participate in tabletop exercises to validate and refine playbooks and incident response procedures
• Analyze SOC, SIEM, and EDR platform data to identify and escalate potential threats
• Collaborate with cross-functional teams to implement security best practices for internal and external clients
• Ensure adherence to Thrive’s security standards while recommending future enhancements to tools and workflows
• Utilize threat intelligence to identify potential security risks and proactively mitigate them
• Stay current on emerging threats, vulnerabilities, and adversarial tactics, techniques, and procedures (TTPs)

Preferred Qualifications

• Knowledge of common system calls and APIs for Windows and Linux/Unix environments
• Experience with programming languages relevant to security analysis and automation
• Understanding of internal file structures commonly associated with malware
• Experience in detection engineering and creating high-fidelity detection rules
• Advanced cloud security knowledge and expertise in investigating cloud-based intrusions
• Computer Hacking Forensic Investigator (CHFI)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensic Examiner (GCFE)
• Certified Incident Handler (GCIH)