- Location: Marietta, GA
- *W2-GC/USC Only*
1. MUST HAVE - 3-6 years' experience working in incident response and/or other IT-related fields tied to networking and enterprise information system environments.
a. Preference is true Incident Response experience, where the candidate has worked investigations related to enterprise network compromise.
2. MUST HAVE – Hands-on experience with security tools
a. Splunk – advanced Splunk query language, ability to create dashboards, and the ability to perform Splunk searches in support of an investigation without oversight
b. EDR experience (CrowdStrike or Carbon Black), including scripting, live host analysis, and extracting artifacts
c. Ability to analyze PCAPs of the kind commonly pulled from network defense tools
3. MUST HAVE - Good written and verbal communication skills. Tier 2 analysts have to write investigation reports, which are often shared with auditors, regulators, and executive management.
4. MUST HAVE – In-depth knowledge of network protocols, enterprise architecture, and common network logging functions.
5. MUST HAVE – Experience with log analysis, malware analysis, and forensic analysis.
6. MUST HAVE – Functional knowledge of the MITRE ATT&CK framework