Incident Response Analyst

Job code: JB-70072840 | Geographic location: Haifa and the Krayot | City: Haifa

Job description

The Incident Response Analyst is responsible for detecting, investigating, and assessing cybersecurity threats and incidents across the Elbit Systems environment. The Incident Response Analyst works within a team of skilled members to address complex and challenging security issues and crises as needed within the Digital Forensics and Incident Response (DFIR) environment.
As an Incident Response Analyst, you will be part of a growing DFIR team that must respond to every security incident across the Elbit Systems environment.
Below are the main responsibilities:
Provide expertise in incident response, forensics, and malware analysis
Develop, document, and implement runbooks, capabilities, and techniques for IR
Perform analysis on workstations, servers, and network infrastructure
Identify and analyze malware using live forensics, hard drive forensics, sandboxes, and reverse engineering
Identify indicators of compromise and apply them to the incident response process
Perform activities necessary for immediate containment and short-term resolution of incidents
Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities
Coordinate and drive efforts during response activities and post-mortem
Participate in after-hours on-call when required
Determine the root cause of complex information security incidents
Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations

Job requirements

4+ years of overall Cloud & IT infrastructure experience
2+ years' experience as part of an incident response team or other operational security analyst team (CSIRT, DFIR, malware analysis, etc.)
Good knowledge of IR, forensics, and investigation according to common standards: SANS, NIST
Knowledge of common DFIR tools, disk and memory collection & analysis, and memory & network dump analysis
Strong knowledge of Linux/UNIX & Windows operating systems
Good experience with cloud security vendors (Azure, etc.)
Hands-on experience with security platforms such as EDR, SIEM, and SOAR
Knowledge of search techniques, alerts, dashboards, and report building
Working knowledge of full packet analysis
Understanding of at least one common scripting language
An ability to work exceptionally well under pressure
Strong collaborative skills and proven ability to work in a diverse global team of security professionals
Strong verbal and written skills

*Designated for both men and women