
Incident Response Analyst - Erlanger, KY

Hiring Now!, Erlanger, Kentucky, United States, 41018


Job Description

Incident Response Analyst - Greater Cincinnati, OH area, or ADM IT Hubs

This is a salaried exempt position.

Position Summary:

Under general supervision, the Incident Response Analyst will work in the Cyber Threat Action Center (CTAC) and work directly with Cyber Threat Intelligence, Attack Surface Management, and other IT teams to investigate and validate escalated security events and perform incident response activities using established processes and procedures.

Job Responsibilities:

- Provide analysis and trending of security log data from enterprise security devices and systems.
- Provide Incident Response (IR) support when analysis confirms a security incident, to help contain and eradicate threats.
- Perform incident triage, incident response, and forensic investigations across endpoints and cloud environments.
- Conduct technical examinations of computer-based evidence, including logs, packet captures, SIEM and IDS events, disk forensics, malware analysis, and more.
- Document incidents from initial detection through final resolution, and present the findings.
- Assist with threat and vulnerability analysis, monitoring, and mitigation.
- Investigate, document, and report on information security issues.
- Coordinate with Cyber Intel analysts on open- and closed-source activities impacting the Company.
- Integrate and share information with other analysts and other teams.
- Work with SIEM administrators to build detections that help proactively identify real-world threats across a broad range of technologies and log sources.
- Assist with the creation and maintenance of standard processes, operating procedures, and incident response playbooks.
- Ability to work in a hybrid managed-services environment utilizing various partners.
- Ability to lift 50 lbs. and detect color-coded events.

Job Requirements:

- 3+ years' experience in cyber incident response, or equivalent work experience.
- Strong knowledge of IT and computer science concepts.
- Bachelor's degree in an IT-related major or Information Security major, or equivalent work experience.
- Experience using Windows and Linux to perform tasks, with some administration capability.
- Experience using IDS/IPS, WAF, and SIEM.
- Ability to prioritize work using the guidance of leadership.
- Proven experience in disk forensics, static and dynamic malware analysis, and packet analysis.
- Proven experience with the technical and non-technical techniques used by cyber adversaries to attack and achieve their cyber goals.
- Ability to communicate and collaborate effectively with other team members in a geographically and culturally diverse workforce.
- Expected to work occasional nights, weekends, holidays, and overtime.
- Expected to perform on-call duties.
- Occasional travel may be required.
- Strong sense of professionalism and ethics.

Desired Skills:

- CISSP, SANS certifications, security-related CompTIA certifications, or other industry certifications are a plus.
- Experience with incident response in SCADA, DCS, or PLC environments is a plus.
- Experience with incident response in SAP is a plus.

Excited about this role but don't meet every requirement listed? Studies show that applicants will often self-select out if they don't check every box. We encourage you to apply anyway. You may be just the right candidate for this role or another one of our openings.

ADM requires the successful completion of a background check.

REF: 89152BR