Cyber Research

**Position Summary**:
As a Cyber Research & Response Analyst, you will be responsible for providing exceptional service to customers subscribed to Difenda C3 services. Working in close partnership with C3 leadership, you will provide L3 support to the SecOps Analyst team, ensuring that customer Managed Detection and Response (MDR) services are delivered to the highest of standards. You will support the execution of threat event lifecycle management, Threat Hunting, Threat Intelligence, and Incident Response activities. You will provide escalated level support to the SecOps Analyst team and act as an escalation point for both the internal team and customers. You will lead high severity security incident investigations and provide remote response support to customers. You will support ongoing service enhancement delivery through collaboration with development teams and hands-on Difenda Lab discovery work. You will support customer communications, including recurring and ad hoc customer calls, operational reviews, and quarterly executive debriefs. Hours of work are Monday to Friday - 7.5 hours daily or as required. After-hour escalation duties will be required.

**Position Responsibilities**:

- Provide technical guidance and mentorship to SecOps Analysts
- Lead the delivery of Managed Detection & Response (MDR) service processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
- Lead escalated event and incident investigations and customer response support
- Actively execute Threat Hunting and other proactive activities in customer environments
- Provide proper and intelligence Incident Handling during active Incident Response engagements
- Support the implementation and maintenance of Threat Intelligence practices, including IOC integration into MDR services and providing customer specific tactical and C-Level threat intelligence briefs
- Develop, execute, and train staff on MDR service threat triaging, Threat Hunting, and Threat Intelligence processes
- Enforce standards and processes to ensure high quality MDR service delivery (e.g. case management standards)
- Work closely with the Cyber Research & Response Development teams to iteratively enhance MDR and other managed security services
- Support customer service communications, including operational and executive level meetings and reporting
- Identify, develop, communicate and implement process improvements to streamline C3 practices and enhance the customer experience

**Qualifications**:

- Minimum of 5 years of IT security related work experience required
- College Diploma or University Degree, preferably in technology, required
- Strong technical experience in the execution of security operations processes, including threat event lifecycle management, Incident Response, Forensic Investigations, Threat Hunting, and Threat Intelligence activities
- Strong technical expertise with security operations technologies including but not limited to SIEM, EDR, Threat Intelligence, and SOAR platforms
- Certifications in digital forensics and incident response, such as GIAC GCFA, GCIH, GREM strongly preferred
- Experience with some of the following technologies preferred:

- Azure Sentinel
- Microsoft Defender for Endpoint
- Microsoft 365 and Azure security services
- Splunk
- SentinelOne
- Experience working with security operations teams required
- Strong background in customer service and communications required
- Strong presentation development and delivery skills required
- Familiarity with Agile methodologies such as Lean, Scrum and Kanban preferred
- Strong ability to communicate and document clearly and effectively
- Ability to follow processes and guidelines
- Ability to work with all levels of staff
- Ability to take personal initiative and observe confidentiality
- Ability to work with internal and external vendors in a professional manner
- Ability to multi-task in a fast-paced environment