RSM is hiring a Cyber Incident Response Specialist. As part of the threat intelligence led security incident response team, anticipate, prevent, plan, and execute risk-based responses to cyber security incidents. Work incident response, security intelligence, and investigations. When not guiding and coordinating security incidents for the firm, prepare for future incidents, hunt threats, and conduct investigations. Automation is preferred over manual direction of computer and network defenses. May work extended hours and/or be on-call for addressing after hours incidents.
• Monitor and respond to security events and incidents using established processes, creating process and procedures where none are already established. Detect and assess threats to the computer networks and assets. Analyze sensitive authentication activities and privilege combinations that could lead to abuse; monitor privileged access activity for possible abuse; monitor suspicious and/or inappropriate activities; assess data leakage vulnerabilities; and establish baseline usage information and trends. Perform root cause analysis on security incidents.
• Administer security tools, keeping them current, tuned, and optimized.
• Hunt for threats and malware that alarms miss, and develop indicators and tripwires to improve detection and prevention capabilities.
• Collect, process, and analyze data and information to create threat intelligence. Provide rapid assessments of potentially imminent security situations, sensitive developments and complex threat issues. Assess unforeseen threat developments and recommend changes in security direction and approach.
• Collect and analyze data and evidence in support of investigations, preserving chain of custody when necessary.
• Engineer security tools and processes to meet scope and mission requirements. Leverage and expand the capabilities of existing analytical tools and technologies; recommend new technologies as appropriate to enable a more robust advanced security data analytics capability.
• Bachelor’s Degree or equivalent work experience.
• 1 to 3 years in the IT Security field where daily activities included hands-on technical work.
• Experience with system administration and network configuration.
• Experience with data mining / correlation & log analysis.
• 1 year of industry experience in intrusion analysis or security-relevant troubleshooting for a large-scale enterprise environment.
• Working knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
• 1 or more security certifications (e.g. CISSP, Security +, GCIA, GSEC, GISF) preferred.
• GIAC Certified Incident Handler (GCIH) and/or Certified Ethical Hacker (CEH) specifically preferred.
• Ability to build and automate efficient and effective scripts from scratch preferred.
• Big Data analytics experience preferred.
• Forensic experience and malware reversing (disk/memory/network forensics) preferred.
• Knowledge and experience of toolsets and frameworks like the ELK stack, Splunk, Maltego, OpenSOC, OpenIOC, STIX, TAXII, and CybOX preferred.
You want your next step to be the right one. You've worked hard to get where you are today. And now you're ready to use your unique skills, talents and personality to achieve great things. RSM is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you'll move quickly along the learning curve and our clients will benefit from your fresh perspective.
Experience RSM US. Experience the power of being understood.
RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.