JOB TYPE: Full Time, Permanent
SALARY: £20,000 - £29,999, £30,000 - £39,999, £40,000 - £49,999, £50,000 - £59,999
- Serve as a focal technical lead on incident events and incidents
- Provide technical, hands-on incident investigation and support and serve as a primary point of contact with management
- Lead the investigative process for network intrusions and other cyber security incidents to determine the cause and extent of cyber attacks
- Summarize events and incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms
- Manage the chain of custody for all evidence collected during incidents, security, and forensic investigations
- Monitor for and investigate suspicious or malicious activity and alerts
- Ongoing review of SIEM dashboards, system, application logs, and custom monitoring tools
- Perform advanced malware and threat analysis
- Monitor and analyse SIEM, UBA, network traffic, Intrusion Detection Systems (IDS), security events and logs
- Prioritize and differentiate between potential incidents and false alarms.
- Lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
- Perform Forensic analysis for incidents
- Perform QA on tasks assigned to Tier 1 & 2 staff.
- Malware detection and analysis.
- Attending/running incident-related and management calls
- Generating reports and analysis of raw data
- Providing feedback to Tier 1/2/3 staff
Qualifications / Requirements:
- Bachelor's degree in Computer Science/Information Security/similar major or 4+ years of related field experience
- 2+ years of work experience in Information Technology
- 5+ years of experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
- Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
- Experience with Information Security technologies such as but not limited to SIEM, IPS/IDS, Vulnerability Management Software, User Behaviour Monitoring, Unstructured Data Monitoring tools or Internet Content Filters.
- Experience reading and understanding system data, including, but not limited to, security event logs, system logs, and firewall logs
- Strong understanding of network technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching.
- Strong knowledge of the following platforms in an enterprise environment - Microsoft Windows, Solaris, Linux.
- This position requires strong analytical skills and attention to detail, allowing the holder to advise on how best to respond to abnormal network/system behaviour.
- Must possess excellent written and verbal communication skills
- Travel (including international) may be required up to 15%.
- Evening and weekend hours expected during incidents
- Professional certifications such as CISSP, CEH, SANS GIAC
- Knowledge of offensive security techniques
- Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
- Expert scripting skill and experience with data analysis tools
• Any of the following professional certifications are a plus: CISSP - Certified Information Systems Security Professional, CEH - Certified Ethical Hacker, CompTIA Security+, SANS GIAC
• Microsoft, Linux, Networking or related certifications
• Knowledge of offensive security techniques
• Experience working in a global financial company
• Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
• Familiarity with scripting languages and data analysis tools
• Experience leading small teams
As a global business, Refinitiv relies on diversity of culture and thought to deliver on our goals. Therefore we seek hardworking, qualified employees in all our operations around the world, regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Refinitiv is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
Refinitiv makes reasonable accommodations for applicants and employees with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us to request an accommodation. A full list of our office locations and contact information can be found at: Refinitiv Office Locations .
Be the breakthrough, activate your future and shape ours.
Role: Lead Incident Response Analyst
Job Type: Full Time, Permanent
Location: Saint Louis, OK, OK