INCIDENT RESPONSE ANALYST - IT SECURITY (JR226222)
Montefiore Health System
Date: 16 hours ago
City: Yonkers, NY
Contract type: Full time

Introduction
To heal, to teach, to discover and to advance the health of the communities we serve.
To learn more about the “Montefiore Difference” – who we are at Montefiore and all that we have to offer our associates, please click here.
Overview
The Incident Response Analyst is responsible for responding to cybersecurity incidents, conducting in-depth malware analysis, and utilizing forensic tools to investigate and mitigate threats. This role involves identifying and analyzing security incidents, determining their impact, and implementing corrective actions to safeguard the organization’s information systems. The Incident Response Analyst works closely with Incident Response Engineers, Threat Detection Analysts and other cybersecurity teams to ensure a coordinated and effective response to security threats.
Responsibilities
- Monitor security alerts and notifications from various security tools to identify potential incidents.
- Respond to security incidents by following the organization’s incident response procedures.
- Perform initial triage of security incidents, including assessing the scope, severity, and potential impact.
- Collaborate with other teams to contain and mitigate incidents, ensuring minimal disruption to business operations.
- Document all actions taken during the incident response process in detailed incident reports.
- Analyze suspicious files, emails, and URLs to determine whether they contain malware.
- Perform dynamic and static malware analysis to understand the behavior and functionality of malicious code.
- Identify indicators of compromise (IOCs) associated with malware and develop detection signatures for review by Incident Response Engineers.
- Reverse-engineer malware to uncover its components, behavior, and potential impact on the organization.
- Provide recommendations for remediation and protection against similar threats in the future.
- Utilize digital forensic tools to investigate compromised systems and identify the root cause of incidents.
- Collect, preserve, and analyze digital evidence in compliance with legal and regulatory requirements.
- Conduct memory, disk, and network forensics to uncover the extent of an attack and the methods used by the attacker.
- Assist in post-incident investigations, including gathering evidence, preparing forensic reports, and supporting legal actions if necessary.
- Communicate findings, analysis results, and recommendations to technical and non-technical stakeholders.
- Participate in incident post-mortem meetings to review the effectiveness of the incident response process and identify areas for improvement.
- Maintain and optimize the tools used for incident detection, malware analysis, and forensic investigations.
- Stay current with the latest developments in cybersecurity tools, techniques, and best practices.
- Contribute to the development and refinement of incident response playbooks and procedures.
- Strong understanding of cybersecurity concepts, including threat detection, malware analysis, and digital forensics.
- Proficiency in using malware analysis tools such as IDA Pro, OllyDbg, and Ghidra.
- Experience with forensic tools like EnCase, FTK, Autopsy, and Volatility.
- Familiarity with SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and EDR (Endpoint Detection and Response) solutions.
- Knowledge of operating systems (Windows, Linux, macOS) and network protocols.
- Ability to analyze complex security incidents, determine the root cause, and implement effective remediation strategies.
- Strong analytical skills to dissect and understand the behavior of malware.
- Attention to detail in forensic investigations to ensure accurate and reliable results.
- Experience with scripting languages (e.g., Python, PowerShell) for automating malware analysis and forensic tasks.
- Ability to develop custom scripts to enhance incident response capabilities.
- Excellent written and verbal communication skills, with the ability to document incidents and communicate technical details to diverse audiences.
- Strong reporting skills, including the ability to create detailed and actionable forensic and incident response reports.
- Experience: 3-5 years of experience in cybersecurity, with a focus on incident response, malware analysis, and digital forensics.
- Experience in Incident Response: Hands-on experience in detecting, responding to, and mitigating security incidents.
- Experience in Malware Analysis: Proven expertise in analyzing and reverse-engineering malware.
- Experience in Forensics: Extensive experience using forensic tools to investigate security breaches and conduct post-incident analysis.
- Associate’s degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field.
- Preferred: Bachelor’s Degree in Cybersecurity or related discipline.
- Certifications (Preferred but not required):
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Reverse Engineering Malware (GREM)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Forensic Computer Examiner (CFCE)
  - Certified Ethical Hacker (CEH)
  - SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics