The Incident Response Engineer works to consistently maintain the situational awareness required to identify and verify security incidents, and analyzes, documents and reports on security incidents through the Incident Attack Lifecycle.
- Ensures that incident documentation is comprehensive and accurate. Completes all relevant fields in the incident tracking database and closes the ticket.
- Develops and documents security event and incident handling procedures into Playbooks.
- Creates Splunk dashboards to display IR’s metrics.
- Creates dashboards that help identify possible malicious trends.
- One or more professional security certifications such as CISA or CISSP (or equivalent).
- Experience with scripting languages such as Python.
- Experience with Network IDS.
- Experience configuring TAPs/SPANs.
- Experience with Network Security Monitoring technologies.
- Experience with PCI DSS.