Cyber Threat Detection - Active Defense Analyst

About The Position

Requirements

• 6+ years of relevant experience in one or more of the following areas: threat intelligence, intrusion analysis, incident response, malware analysis, security and network operations, penetration tester, or similar roles.
• Demonstrated understanding of the threat intelligence life cycle, network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Knowledgeable in security incident response process, procedures, and life-cycle, including performing security audits as part of red team
• Good understanding of both Windows and Unix/Linux based operating systems
• Understanding of IP networking concepts, to include addressing, routing, common protocol usage, use of proxies, load balancers, firewalls, routers, and switches in network architecture.
• Global mind-set for working with different cultures and backgrounds
• Demonstrated integrity and judgment within a professional environment
• Ability to appropriately balance work/personal priorities
• Teaming skills as well as ability to work independently on taskings
• Good social, communication, and writing skills
• Associates Degree and/or any of the following certifications: GPEN, CISSP, Security+, GCIH, OSCP, GCFE, CFCE, other relevant GIAC certs.
• Familiarity with EDR, SIEM, Scripting, Malware Analysis.

Nice To Haves

• Some hands-on experience as an administrator configuring one or more of SIEM, Endpoint Protection, Vulnerability Scanners, or Data Loss Prevention
• Proficient with one or more scripting languages such as Perl, Python, PowerShell etc. in a threat intelligence or incident response environment

Responsibilities

• Perform research and analysis of attacker techniques and methodologies, and emulate those attacks in a collaborative and controlled environment
• Identify security breaches through ‘Hunting’ operations within a SIEM, full packet capture, EDR, and other tools and treat intelligence
• Identify patterns consistent with sophisticated attacker methodologies, and report on security concerns as they are escalated or identified.
• Analyze artifacts collected during a security test or passive investigation.
• Communicate with server owners, system custodians, and IT contacts to pursue security testing activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions
• Create presentations in MS Word, PowerPoint, and/or Excel that support findings
• Maintain, manage, improve and update security testing process and protocol documentation
• Assist in analyzing findings, and develop fact based reports
• Identify means to disrupt attacker actions, and enhance defender response capabilities.

Benefits

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.
• The base salary range for this job in all geographic locations in the US is $128,100 to $239,600.
• The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $153,800 to $272,300.
• Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.
• In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances.
• You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.