Lincoln Financial Group - Radnor, PA
posted 27 days ago
The IT Security Incident Response Analyst position at Lincoln Financial is a critical role focused on the continuous monitoring and investigation of security alerts. The analyst will be responsible for maintaining the health of security sensors and endpoints, collecting necessary data and context to initiate incident response (IR). This position requires a proactive approach to security, as the analyst will correlate and triage security events generated by monitoring tools to assess their scope, urgency, and potential impact. The role involves documenting incidents from initial detection through to final resolution, ensuring a thorough record of security events.

In addition to incident documentation, the analyst will perform various incident response functions, including host-based analysis on Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities. A strong understanding of operating systems and their artifacts is essential for assisting in investigations. The analyst will also analyze different data types from various sources within the enterprise to draw conclusions regarding past and potential current security incidents.

The role includes providing after-hours support on a rotational basis to address critical incidents and maintain continuous coverage. The analyst will engage in threat hunting exercises to proactively discover threats that may evade existing security mechanisms, using this information to enhance the organization’s cyber resilience. Furthermore, the analyst will create and modify Security Information and Event Management (SIEM) dashboards to effectively monitor activity and tune security tool policies to reduce false positives and improve detection capabilities.