Job Description
The Job
WarnerMedia seeks an Incident Response Analyst for the WM - ISO - Security Ops & Arch department. The IR analyst will be the first responder to security alerts escalated from our Security Operations Center. This analyst will also be accountable for supporting the development of new threat detection rules in the AT&T/WM security ecosystem.
The Daily
• First responder investigating escalated security events
• Participate as part of a larger incident response team, providing analysis and support to the incident commander
• Perform basic system forensics, including, but not limited to, host log and EDR analysis
• Perform basic network forensics, including, but not limited to, network logging and PCAP analysis
• Support cloud system forensics, including, but not limited to, log analysis and cloud host analysis
• Analyze and report on actionable threat intelligence
• Develop new security detection uplifts to enhance the security protections across WarnerMedia
• Responsible for the creation and updating of incident response processes for WarnerMedia
• Support the remediation efforts for security incidents
• Document and communicate findings and after-action reports
• Generate reports and create documentation
The Essentials
• 3-5 years of technical cybersecurity experience in incident response, security operations, threat intelligence, etc.
• Mastery of at least 2 of the following: SIEM analysis, cloud environments, host forensics, network forensics, malware reversing, intrusion detection, anomaly detection, threat research
• Excellent analytical and problem-solving skills
• Knowledge of Windows, macOS and/or *nix operating systems
• Ability to lead root cause analysis of problems
• The ability to learn new technology and concepts quickly
• Ability to manage multiple priorities in a high-pressure environment
• Familiarity with Linux, Windows, macOS and forensic evidence concepts
• Knowledge of malware families and network attack vectors
• Knowledge of exploits, vulnerabilities and network attacks
• Knowledge of web applications and APIs
• Scripting (Perl, Python, PowerShell, bash), RegEx and PCRE experience is desirable
• Familiarity with static and dynamic malware analysis
• Experience with firewalls, intrusion detection systems and antivirus systems
• Experience performing log analysis from a variety of sources
• Familiarity with cloud environments
• Familiarity with CDNs a plus
• Experience with data analytics a plus
• Effective in collaboration with teams in remote locations
Jobcode: Reference SBJ-gx3x6o-3-81-165-210-42 in your application.