Job Information
ASM Research, An Accenture Federal Services Company Cyber Incident Response Tier II Analyst-Cloud in Austin, Texas
Work location: Austin, TX
Duties
Perform real-time monitoring and triage of security alerts in Cybersecurity toolsets including SIEM, and EDR
Make accurate determination of what alerts are false positives or require further investigation and prioritization
Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents. Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent future occurrences
Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned. Collaborate with knowledge management teams to maintain up-to-date incident response playbooks
Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators. Clearly communicate technical information and incident-related updates to management and stakeholders
Identify and action opportunities for tuning alerts to make the incident response team more efficient
Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy
Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes, including enrichment, containment, and remediation actions
Support the mentoring and training of more junior IR staff
Stay informed about the latest cybersecurity threats, trends, and best practices. Actively participate in cybersecurity exercises, drills, and simulations to improve incident response capabilities
Requirements
Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (or equivalent work experience)
3+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)
A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure our SOC operates effectively in a high-pressure environment.
Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools
Experience with enterprise ticketing systems like ServiceNow
Excellent analytical and problem-solving skills.
Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight.
Ability to learn and function in multiple capacities and learn quickly.
Strong verbal and written communication skills
Must currently have or be willing to obtain one of the following certifications (or equivalent):
GIAC Certified Incident Handler
EC-Council’s Certified Incident Handler (E|CIH)
GIAC Certified Incident Handler (GCIH)
Incident Handling & Response Professional (IHRP)
Certified Computer Security Incident Handler (CSIH)
Certified Incident Handling Engineer (CIHE)
EC-Council’s Certified Ethical Hacker
Telework options: Not at this time
Shift schedule:
Shift
Shift Days
Shift Time
2 nd
Sun-Thurs
1430-2300
2 nd
Tue-Sat
1430-2300
EEO Requirements
It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.
All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.