Lead Security Analyst Job at Optomi in San Francisco
Optomi, San Francisco, CA, United States
Lead Security Analyst - Hybrid in Alexandria, VA
Optomi, in partnership with a company in the IT Media and broadcasting space is looking to add a Lead Security Analyst to their growing team! The Lead Security Analyst will handle all escalated alerts from the MSSP and investigate events of interest and incidents as they are validated, prioritized, and categorized by external teams. The Lead Security Analyst will investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of the company, their partners’ and customers’ data and services.
What You Will Do:
- Lead in the Cyber Incident Response Plan process as the Cyber Incident Response Lead or Cyber Incident Commander, collaborating with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategiesIdentify, develop, and operationalize security operations metrics to assist in maturing and enhancing visibility and global security capabilities
- Continuously improve incident response processes through automations, standardizations, and tools development, customization and/or controls deployments
- Participate in post-incident activities including coordinating and providing input reports and identifying areas for continuous improvements within the GSOC enablement, processes, or technology
- Escalate tickets as required to Director for additional scrutiny and incident declaration
- Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture
- Keep up to date with the latest security and technology developments, research/evaluate emerging cyber security threats and ways to manage them to proactively
- Participate in threat hunts, blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements
- Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents. Mentor, coach and facilitate enablement opportunities to develop junior security analysts
What You Will Need:
- 6+ years of practical experience in leading incident response investigations, including malware analysis, and implementing containment strategies
- Experience in network, disk and memory forensics
- Experience with Splunk, EDR, email security, and cloud environments (GCP, AWS, and Azure)
- Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy
Nice to have:
- Bachelor's degree in computer science or a related discipline
- CISSP, CCSP, GIAC or other relevant cyber security certifications
- Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data
- Experience working with a MSSP is preferred.
*This role is looking for someone open to working hybrid 2-3x per week.