Incident Response Senior Associate

C offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:

Being a member of the TRM (Threat Risk Management) you will work with the Cyber Blue Team Manager. As the Incident Response Senior Associate will be responsible for proactively detecting, analyzing, and responding to cyber security events. As a technical lead, you lead detecting, investigating, and responding to cyber security events in the organization. You are a member of the Cyber Security Incident Response Team (CSIRT) and qualified to act as Incident Commander on serious incidents, as a result may be tasked with responding to cyber incidents outside of normal work hours. You are also responsible for leading certain programs and initiatives within the Cyber Blue Team as well as assisting in measuring and improving team performance and processes.

Your Primary Responsibilities:

• Monitor, Detect, Analyze, research, and respond to cyber security events including Network events, OS Log events and forensic information.

• Act as a critical issue point for junior team members.

• Lead and coordinate major investigations and incident response activities.

• Act as Incident Commander for serious (P2-P4) incidents.

• Perform eDiscovery and other technical tasks.

• Independently lead technical programs and large projects.

• Train and mentor junior staff members.

• Work with management and QA/QC lead to improve the overall performance of the team.

• Work with the Cyber Purple Team to implement content and tune security platforms.

• Collaborate with partners from other business units to conduct investigations, review plans and procedures, and respond to cyber incidents.

• Participate in training, exercises, and process improvement program.

• Occasionally travel to conferences, training, and other DTCC offices (up to 10%).

• Participate in on-call rotation and occasional after-hours work.

• Create messaging, socialize your program, and evangelize security at DTCC.

Qualifications:

• Have at least three (3) years previous experience as a SOC analyst or similar role

• Demonstrate solid grasp of forensic interpretation of data.

• Demonstrate the ability to research and mentor team members on interpreting on OS log files, network logs, flow data and other security data.

• Have previous experience successfully leading technical projects and sophisticated incidents requiring collaboration with multiple people.

• Demonstrate tactical leadership of teams to accomplish technical tasks and projects.

• Demonstrate the ability to produce written reports including detailed analysis and recommendations.

• Demonstrate the ability to convey sophisticated technical concepts to both technical and non-technical audiences.

• Be a subject matter expert in a particular technology or security domain as well as have hands-on experience and knowledge of modern security tools and DFIR standard processes.

• Demonstrate the ability to take minimal high-level requirements and independently produce and implement an action plan to accomplish tasks.

• Demonstrate the ability to independently prioritize and manage multiple tasks.

• Demonstrate a strong desire to achieve and contribute to a hard-working team.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodations.