Incident Response Analyst- Kuwait

Position Incident Response Analyst

Work location Kuwait (Onsite only)

Qualifications (Mandatory) -

• Experience in Information Security and in Incident response & closure related activities

Desired Certifications (At Least One of the Following):

• CISSP
• GCIH or GCIA or CFE
• GCFA

Experience:

• Certified experience in Enterprise Managed Security Services focused on Incident response activities
• Strong knowledge of tools used for network security
• Understanding of basic attack and defense techniques
• Develop and follow detailed operational processes and procedures
• Analyze, escalate and assist in the remediation of information security incidents.
• Prioritize multiple tasks and formulate responses/recommendations to customers.
• Provide assistance to other incident response teams.
• Apply technical acumen and analytical capabilities to speed and enhance response.
• Capable of following an investigative process
• Strong Operating System understanding (Linux & Windows)
• High level understanding of malware identification/remediation processes
• Ability to document and explain technical details in a concise, understandable manner
• Ability to read and understand diverse log sources quickly
• Research and document threats and their behavior.
• Good understanding of incident response & forensics tools including redline, volatility, FTK, Encase, Photorec, Bulk extractor, etc.
• Good understanding of Packet analysis tools (tcpdump, Wireshark, ingrep, etc.)
• Working knowledge with tools such as: Web App Tools Intercepting proxies (e.g. Burp Proxy, Paros Proxy, etc.) and automated scanners (e.g. Nessus, Acunetix, WebInspect, Netsparker, nikto, Skipfish)
• Working knowledge with Exploitation Tools - Metasploit, Karmetasploit, BurpSuite, BackTrack/Kali Linux, SQL Map, Social Engineering Toolkit

Activities:

• Security event detection, triage and threat analysis for complex and/or escalated security events
• Assist SOC L1/L2 Analyst in incident analysis
• Perform Incident Response (IR) when analysis confirms actionable incident Perform Incident triage and containment activities
• Perform Incident analysis and coordinate with SOC and IT Teams as required as part of incident response
• Analyze network/malware/device logs of reported incidents and make recommendations for remediation of security incidents
• Collect evidences for future forensics analysis
• Perform Memory dump and disk imaging activities as part of incident record preservation
• Search the affected environment for the reported IOCs and vulnerabilities
• Coordinate with IS Team to engage external Incident Response SMEs as required
• Operate the incident analysis and forensics tools provided by the Company and Contractor
• Perform root cause analysis and coordinate with IT Teams to perform eradication activities after incident resolution Record incident learnings and continuously update the knowledge base for SOC Analysts.
• Provide regular updates until the identified incident is closed
• Provided weekly/monthly/quarterly/yearly report on reported incidents as per the agreed reporting format with Information Security Team
• Develop Incident Reports after incident closure
• Coordinate with IT teams to ensure affected systems are hardened and patched
• Provide on-job training to Information Security resources
• Participate on all POCs provided by Information Security Team
• Additional responsibilities as directed by the Contract Superintendent related to services under this contract