ADT Inc.
Cybersecurity Lead Incident Response Analyst
ADT Inc., Blue Bell, PA
Job Description
Summary:
The Lead Cybersecurity Incident Response Analyst provides strong response and offensive security expertise while supporting the day-to-day operations of the incident response team. This role bridges tactical execution and strategic planning, working closely with both the Incident Response Manager and analyst team members to ensure effective incident preparation, detection, response, and recovery.
Key Responsibilities:
- Provide technical leadership and mentoring to incident response analysts while handling complex security incidents.
- Lead triage and analysis of complex security events, determining severity and directing appropriate response actions.
- Monitor and triage security alerts from various detection tools and the Managed Detection and Response (MDR) platform to identify potential security incidents.
- Conduct initial analysis of security events and escalate potential incidents according to established procedures.
- Execute incident response procedures during all phases: detection, analysis, containment, eradication, and recovery.
- Lead the technical aspects of an offensive security program:
  - Design, scope, and execute red team and purple team exercises.
  - Develop advanced adversary emulations that reflect realistic threat scenarios.
  - Review and approve testing methodologies.
  - Innovate bug-bounty and other vulnerability discovery programs.
  - Conduct controlled penetration tests and manage third-party vendors.
  - Perform security tool bypass testing to validate detection capabilities.
- Document incident details, maintain case records, and quality-assure team incident reports and metrics.
- Lead the incident response team's contributions to post-incident reviews.
- Assist in testing and maintaining incident response procedures and playbooks.
- Help maintain and optimize security monitoring tools and detection rules.
- Develop scenarios for and help coordinate incident response training exercises and drills.
- Act as technical liaison with other security teams and IT stakeholders during major incidents.
- Conduct advanced forensic analysis for complex incidents.
- Support the maintenance of relationships with the MDR vendor by tracking and documenting service delivery.
Preferred Experience and Skills:
- 3-5 years of hands-on cybersecurity experience with focus on incident response.
- Demonstrated experience with security monitoring, incident response and forensics tools.
- Ability to work in a fast-paced environment and handle multiple priorities.
- In-depth familiarity with common attack techniques and incident response procedures in enterprise environments, with some experience in Operational Technology (OT).
- Hands-on experience with security tools such as EDR, SIEM, and network monitoring solutions.
- Advanced knowledge of offensive security tools, methodologies, and attack frameworks (MITRE ATT&CK).
- Experience leading technical teams or coordinating security projects.
- Strong understanding of enterprise security architecture.
- Excellent problem-solving and analytical skills.
- Proven ability to mentor and develop technical team members.
- Excellent documentation and technical writing abilities.
- Superior communication skills with both technical and non-technical audiences.
- Strong ethical standards and understanding of security testing boundaries.
Education:
- Bachelor's degree in information technology, cybersecurity, computer science, or a related field.
- Equivalent combination of education and relevant experience may be considered.
Compensation & Benefits:
The salary range for this role is $74,400.00 - $111,600.00 and is based on experience and qualifications.
Certain roles are eligible for annual bonus and may include equity. These awards are allocated based on company and individual performance.
We offer employees access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, life insurance, wellbeing benefits and paid time off among others. Employees accrue up to 120 hours in their first year. Your accrual rate increases after your first year. We also offer 6 paid holidays.
Anticipated application end date will be on 1/20/2024.