
Incident Handler (Remote)

Remote: Full Remote
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • 2+ years of incident response experience
  • Bilingual in French and English preferred
  • Knowledge of modern security trends
  • Familiarity with security technology like SIEM
  • Relevant certifications like GCIH or GCFE

Key responsibilities:

  • Handle incident response and post-breach tasks
  • Perform real-time advanced troubleshooting
  • Develop technical documentation and reports
  • Mentor team members in incident response techniques
  • Serve on a 24x7 service delivery team
GoSecure Computer Hardware & Networking SME https://www.gosecure.net/

Job description

GoSecure is recognized as a leader and innovator in cybersecurity solutions. The company is the first and only to integrate an Endpoint and Network threat detection platform, Managed Detection and Response services, and Cloud/SaaS delivery. Together, these capabilities provide the most effective response to the increased sophistication of continuously evolving malware and malicious insiders that target people, processes and systems. With a focus on innovation, quality, integrity, and respect, GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally. To learn more, please visit: https://www.gosecure.net.

GoSecure offers a creative and challenging work environment, a competitive benefit package, and a great atmosphere to foster career growth. Come put your career on the leading edge and bring your talents to a much sought-after high-growth opportunity in technology: GoSecure!

Summary

Reporting to the Manager of Incident Response, the Incident Response Analyst (IR) plays a key strategic and operational role in the development, management, and continuous improvement of IR service delivery. This role also serves as an escalation point for significant security incidents and must be able to perform the necessary technical and managerial tasks to summarize incident-related data. The Incident Response Analyst has the responsibility to perform technical analysis, document findings and recommendations, provide timelines and deliver updates and other communications to audiences ranging from internal teams and executives to our most discerning customers. The Incident Response Analyst is part of a team of security professionals whose core function is to provide continuous cybersecurity incident intake, triage, investigative response, and data analysis services for new and existing clients.

Duties and Responsibilities

  • Primary point of contact for incident response and responsible for handling tasks related to Incident Response, Post-Breach Remediation and Restoration, including conducting initial analysis, identifying IOCs, escalation to the relevant business units, and managing post-incident activities.
  • Responsible for supporting several technologies with the ability to perform advanced troubleshooting in real-time (packet captures, debugs, traffic analysis).
  • Provide subject matter expertise to evaluate risk in the context of the enterprise, mitigate that risk, and coordinate activities with other security teams, including threat intelligence, penetration testers and product groups.
  • Maintain technical documentation such as incident response processes and procedures, and provide routine updates. Also responsible for developing and delivering detailed technical reports in response to client needs.
  • Develop a detailed Incident Response run book of tools, techniques and forensic methods for personnel to utilize during investigations.
  • Provide mentoring to team members on incident response techniques and methodologies.
  • Ensure time recording and tracking are done regularly and in a timely manner to improve incident tracking and metrics for ongoing investigations.
  • Maintain existing relationships with insurers, legal partners, and any relevant business client.
  • Serve as a member of a 24x7/365 service delivery team responsible for incident response, post-breach remediation, and escalations, conducting complex investigations and troubleshooting to drive root cause resolution.

Requirements and Experience

  • 2+ years of experience in incident response or a similar information security operations role.
  • Ability to travel on short notice (up to 30% travel required).
  • Maintain valid travel documents at all times.
  • Bilingual (French and English), preferably written and spoken, is a strong asset.

Preferred Qualifications

  • One or a combination of the following: GCIH, GCFE, GNFA, GREM
  • Knowledgeable about modern security-related subjects and trends, for example, Advanced Persistent Threat (APT), rootkits, Spear Phishing, and credential compromise techniques.
  • Knowledge of security controls and incident response in a multi-platform environment including on-prem and cloud.
  • Experience in security technologies (i.e., Incident case management, SIEM, SOAR, EDR, Intrusion Prevention, Digital Forensics)
  • Proven ability to participate in large-scale projects with high collaboration.
  • Excellent written and oral communications.
  • Excellent judgment, decision-making skills, and the ability to work under pressure.
  • Excellent presentation skills and experience presenting to senior management and senior leaders.
  • Experience with Cloud Computing and technology.
  • Experience with Unix/Linux, or work relating to OS internals or file-level forensics.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Computer Hardware & Networking
Spoken language(s): English, French
Check out the description to know which languages are mandatory.

Other Skills

  • Decision Making
  • Mentorship
  • Troubleshooting (Problem Solving)
  • Verbal Communication Skills
  • Collaboration
