Cyber Security Incident Responder

U.S. Bank is seeking a Cyber Security Incident Responder with incident response and threat detection experience to contribute to the success of our technology initiatives and cyber defense posture. The Threat Detection & Incident Response Team performs daily operational real-time monitoring and analysis of security events from multiple sources, including but not limited to Security Information and Event Management (SIEM) tools, network- and host-based intrusion detection systems, firewall logs, system logs (Unix and Windows), cloud, mainframes, midrange, applications, and databases.

The team also provides second-level support and operational duties for antivirus and malware support, fraud investigation, data loss prevention remediation, rogue device review and reporting, and metrics and process creation review.

Main Duties

* Perform network, host, and memory forensic analysis on various operating systems and applications.

* Analyze advanced malware samples and remediate threats to users and assets.

* Serve as a technical resource for GSOC operations during all shifts.

* Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs in order to identify misuse, malware, or unauthorized activity on monitored networks. Communicate and escalate issues and incidents as required by process and/or management.

* Monitor and investigate DLP and endpoint events; utilize and understand AV, fraud, and/or other signature-matching technologies.

* Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in security operations.

* Participate in computer security incident response team efforts and other security investigation activities as assigned.

* Assist in building SOC and CSIRT processes, procedures, and training.

* Create and enhance standard operating procedures and technical guides.

* Assist in the creation and tuning of network and host detection signatures based on user behavior analysis and threat intelligence.

* Stay abreast of current technologies, developments, security compliance requirements, standards, and industry trends in order to help achieve the goals of the department.

* Work with compliance teams to support security and privacy audits and help develop a mitigation strategy. Obtain and compile necessary documentation and evidence for all external and internal security audits and assessments.

Basic Qualifications:

* Bachelor's degree or equivalent work experience

* At least 4 years of experience with processes, tools, techniques, and practices for assuring adherence to standards associated with accessing, altering, and protecting organizational data.

* 4 years of experience performing network forensic investigations.

* Experience with memory analysis on Windows, Linux and other various operating systems.

* Intermediate skills using the Windows command line (CMD), PowerShell, and Linux Bash.

* Experience drafting and implementing SOC/IR documentation that enhances day-to-day operations and the development of security analysts.

Preferred Skills/Experience:

* Knowledge of cyber threat groups, hacking tools and techniques.

* Strong knowledge of common operating systems and file systems for Windows and UNIX as well as enterprise architecture.

* Strong knowledge of network protocols and network devices such as routers, switches, proxy servers, VPN, intrusion detection systems, TCP/UDP concepts, general IP networking, encryption and tunnels.

* Background in log analysis for network devices, servers (e.g., web servers), and clients.

* Experience with sandbox environments, reverse engineering, and current malware forensics is a plus.

* Experience with cyber threat intelligence methodologies.

* Understanding of penetration testing, ethical hacking, and vulnerability assessment tools/technologies.

* Understanding of HTML, JavaScript, ASP, and database query languages such as MySQL or Microsoft SQL is desired.

* Maintain knowledge of laws, regulations, and technology advancements related to cyber threat intelligence or incident response functions.

* Advanced proficiency in the Windows Office suite (Word, Excel, PowerPoint, Visio, and SharePoint).

* Excellent communication skills, both oral and written.