
Incident Response Analyst – Cybersecurity Operations Detection & Response – Global SOC L3 Response


Company: McDonald’s
Location: Chicago, IL, USA
Salary: $129,800 – $165,490
Type: Full-Time
Degrees:
Experience Level: Senior

Requirements

  • Advanced proficiency in computer networking concepts, protocols, and network security methodologies.
  • Strong expertise in analyzing and mitigating cyber threats and vulnerabilities.
  • Advanced competence in authentication, authorization, and access control methods.
  • Proficiency in utilizing and developing intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • In-depth knowledge of system and application security threats and vulnerabilities, with the ability to develop and implement mitigation strategies.
  • Advanced understanding of network attacks, their relationship to threats and vulnerabilities, and the ability to develop countermeasures.
  • Proficiency in adversarial tactics, techniques, and procedures, with the ability to anticipate and counteract them.
  • Expertise in conducting eDiscovery and forensic investigations, including the collection, preservation, analysis, and presentation of digital evidence in support of incident investigations.
  • Comprehensive knowledge of the stages of a cyber-attack and the ability to develop and implement defense strategies at each stage.
  • Proficiency with Windows, macOS, and/or Linux operating systems, with the ability to perform advanced security configurations and troubleshooting.
  • Experience in leading and mentoring junior analysts, providing guidance and support to enhance their skills and performance.
  • Ability to develop and implement advanced threat detection and response strategies.
  • Effective communication skills, with the ability to provide detailed reports and recommendations to senior management.

Responsibilities

  • Identify, analyze, and report cybersecurity events, ensuring the protection of McDonald’s information assets.
  • Support the Incident Response process, responding to crisis situations, and mitigating immediate and potential cyber threats.
  • Coordinate with other Cyber Operations teams to identify and report on security incidents as they occur and oversee end-to-end remediation.
  • Triage security events, perform network and endpoint analysis, malware reverse engineering, threat hunting, and vulnerability escalation, and resolve security incidents from detection to remediation.
  • Create and implement standard operating procedures, playbooks, and processes to streamline response, monitoring, investigations, and analysis.
  • Continuously monitor and analyze system activity using security operations tools to identify malicious activity.
  • Characterize and analyze network traffic and logs to identify potential threats to McDonald’s assets.
  • Provide timely detection, identification, and analysis of possible attacks and intrusions, differentiating them from benign activities and reviewing tuning recommendations to improve alert efficacy.
  • Collaborate with key stakeholders to validate security events and provide security response expertise to remediate cyber security incidents.
  • Perform event correlation to gain situational awareness and assess the effectiveness of observed attacks.
  • Conduct security operations and incident response trend analysis and reporting.
  • Develop and implement remediation plans in conjunction with incident response requirements.
  • Support threat hunting efforts across market networks, identifying indicators of compromise (IOCs) and evidence of compromise.

Preferred Qualifications

  • Professional certification such as GIAC, GCIH, GCIA, ITIL, GCFE, GCFA.
  • Familiarity with the NIST Risk Management Framework, the NIST Cybersecurity Framework, and the Cyber Kill Chain.
  • Experience working with case management tools, SOAR, email security solutions, SIEM, and EDR technologies, along with forensic tooling such as Autopsy, Velociraptor, and Ghidra.
  • Experience working with complex multinational companies and distributed business models.
  • Experience developing automation through scripting languages such as Python.