
CSIRT L3 ANALYST


Job Location

Abu Dhabi - UAE

Monthly Salary

Not disclosed

Number of Vacancies

1 vacancy

Job Description

Job Summary:

The CSIRT L3 Analyst is a senior-level position responsible for leading the identification, assessment and response to complex cybersecurity incidents. This role requires deep technical expertise, advanced threat intelligence capabilities and strong leadership skills to coordinate incident response efforts and minimize the impact of security incidents on the organization.

Key Responsibilities:

Incident Response:

  • Lead the response to high-severity cybersecurity incidents, including containment, eradication and recovery.
  • Coordinate with internal and external stakeholders to ensure effective communication and response actions.
  • Conduct thorough post-incident analysis to identify root causes, impact and lessons learned.

Threat Detection and Analysis:

  • Monitor security alerts from various sources, including SIEMs, IDS/IPS, firewalls and endpoint detection tools.
  • Perform in-depth analysis of network traffic, logs and other security data to identify potential threats.
  • Develop and maintain advanced detection use cases and playbooks.

Forensics and Malware Analysis:

  • Conduct digital forensics investigations to gather and preserve evidence for potential legal proceedings.
  • Perform malware analysis to understand the behavior, impact and mitigation strategies for discovered malware.
  • Collaborate with law enforcement and other external entities as needed.

Threat Intelligence:

  • Collect and analyze threat intelligence from multiple sources to stay ahead of emerging threats.
  • Integrate threat intelligence into incident response and detection processes.
  • Share relevant threat information with internal stakeholders and peers.

Security Tools and Technology:

  • Maintain and enhance the organization's security tools and technologies.
  • Evaluate and recommend new security solutions to improve incident detection and response capabilities.
  • Ensure security tools are properly configured, updated and integrated.

Training and Development:

  • Mentor and train junior CSIRT members and other IT staff on security best practices and incident response techniques.
  • Develop and deliver training sessions and tabletop exercises to improve organizational readiness.

Documentation and Reporting:

  • Maintain detailed documentation of incidents, analysis and response actions.
  • Create and present incident reports to management and other stakeholders.
  • Develop and update incident response policies, procedures and guidelines.

Qualifications:

  • Minimum of 5-7 years of experience in cybersecurity, with at least 3 years in incident response or a similar role.
  • Experience with digital forensics, malware analysis and threat intelligence.
  • Bachelor's degree in Computer Science, Information Security or a related field. Master's degree preferred.
  • Relevant certifications such as CISSP, CISM, GIAC (GCIH, GCFA, GCFE), CEH or equivalent are highly desirable.
  • Proficiency with security tools and technologies (e.g. SIEM, EDR, IDS/IPS, firewalls, packet analysis).
  • Strong knowledge of networking, operating systems and common attack vectors.
  • Experience with scripting and automation (e.g. Python, PowerShell) is a plus.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Detail-oriented with a strong focus on accuracy.

Vertical:

Technology

Remote Work:

No

Employment Type

Full-time
