Senior Security Analyst ( incident management , EDR , SIEM etc.)
In your capacity as a Senior ThreatOps Analyst at Ivanti, you will serve as an indispensable member of our ThreatOps team, propelling our cloud security efforts to new heights. Your core role will involve active participation in security incident response, where your deep expertise will be instrumental in effectively managing and mitigating security incidents across both Ivanti's cloud and on-premises environments. Your primary focus will be on reinforcing our security posture, elevating our incident response capabilities, crafting detection content to enhance our security detection mechanisms, and aggregating invaluable threat intelligence. This role stands as a linchpin in safeguarding the resilience and security of Ivanti's infrastructure and services, encompassing both cloud and on-premises aspects.
- Minimum of 5 years of hands-on experience in incident response, with a focus on Azure & AWS cloud environments.
- Experience with incident response tools and technologies, including Azure Security Center, Microsoft O365, Guard-Duty, and SIEM solutions.
- Monitor Azure environments for security incidents, assess their severity, and initiate the incident response process.
- Develop and maintain incident response plans and playbooks specific to Azure environments.
- Conduct investigations into major and critical security incident affecting Ivanti.
- Proactively hunt for threats within Ivanti Infrastructure and identify advanced persistent threats (APTs).
- Possess extensive knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management and incident management.
- Solid understanding and experience in EDR, Networks, IPS/IDS, Mail Gateways and SIEM.
- Experience in handling / managing cyber security incidents and using security tools / SIEM to analyze and recommend counter measures.
- Evaluate new technologies and processes that enhance security capabilities.
- Assist in post-incident analysis and documentation to improve incident response processes.
- Knowledge of scripting languages (e.g., Python, PowerShell) for automation and tool
- Stay updated on the latest trends and developments in cloud security and related Collaborate with cross-functional teams to prioritize and address identified vulnerabilities.
- Support the Digital Forensic & Investigations Team in high tech investigations in the form of electronic evidence, computer forensic analysis, e-mail analysis, data recovery and network assessments in support of our Legal, Talent, Confidentiality, and Insider Threat organizations.
Qualifications and Skills:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Strong understanding of cloud computing concepts and familiarity with major cloud platforms (AWS and Azure).
- Basic knowledge of networking protocols, security technologies, and security frameworks.
- Familiarity with common security vulnerabilities, threats, and attack vectors.
- Experience with security tools such as vulnerability scanners, SIEM, IDS/IPS, and antivirus systems is a plus.
- Knowledge of scripting languages (e.g., Python, PowerShell) for automation and tool development.
- Strong analytical and problem-solving skills, with an attention to detail.
- Excellent communication skills, both written and verbal.
- Ability to work effectively both independently and within a team.