KLA - Ann Arbor, MI

posted 4 months ago

Full-time - Mid Level
Ann Arbor, MI
Computer and Electronic Product Manufacturing

About the position

The Senior Cybersecurity Analyst in Incident Response at KLA plays a crucial role in safeguarding the company's digital assets and intellectual property. This position is part of the Cybersecurity group, which is integral to KLA's global operations, defending against cyber threats and providing essential incident response services. The analyst will be responsible for advanced incident response, threat hunting, and maintaining security tools that protect KLA's environment. This role requires a proactive approach to identifying adversarial activities and anticipating various threats to enhance the overall security posture of the organization.

In this position, the analyst will actively monitor and respond to security events on a 24/7 basis, including participating in a rotational on-call capacity. The role involves planning and implementing regular incident response exercises, analyzing cyber threats, and providing subject matter expert support to junior analysts. The analyst will also research detection evasion methods and develop new strategies to counteract these techniques, ensuring that KLA remains resilient against evolving cyber threats. The Senior Cybersecurity Analyst will transform threat intelligence into effective detection logic and signatures for integration with Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms.

Communication with management is essential, as the analyst will keep leaders informed of incident progress and any necessary changes. The role may require some domestic and/or international travel, up to 25%. This hybrid position is based out of KLA's Midwest headquarters in Ann Arbor, MI, and offers a dynamic work environment where innovation and problem-solving are at the forefront.

Responsibilities

  • Act as an active member of the team monitoring and processing responses for security events on a 24x7 basis, including serving in a rotational on-call capacity.
  • Plan and implement regular incident response and postmortem exercises, focusing on measurable benchmarks to show progress or deficiencies.
  • Review and analyze cyber threats, providing SME support and training to junior security analysts.
  • Research adversarial detection evasion methods and develop new detection strategies.
  • Analyze malicious code, scripts, attack techniques, or exploits to identify detection telemetry generated at a host and/or network level.
  • Transform threat intelligence into effective detection logic and new signatures for integration with SIEM and EDR platforms.
  • Evaluate existing detection rules and facilitate the development and tuning of AV, EDR, and SIEM rules for high fidelity alerting.
  • Communicate with management regarding incident progress and notify them of impending changes or outages.
  • Monitor and analyze IDS, network traffic, and logs to differentiate between potential intrusion attempts and false alarms.
  • Compose security alert notifications and advise incident responders on investigation and resolution steps.
  • Perform detection, monitoring, analysis, and resolution of security incidents, prioritizing work to provide a positive customer experience.
  • Participate in security incident handling efforts in response to detected incidents.
  • Maintain awareness of trends in security regulatory, technology, and operational requirements.

Requirements

  • 5+ years of related experience in cybersecurity or related technologies such as firewalls, AV, EDR, IPS, IDS, and SIEM systems.
  • 5+ years of experience working in or with a Security Operations Center (SOC) in an Incident Responder role.
  • Demonstrable experience developing behavioral-based signatures and indicators of compromise (IOCs) across host and network devices.
  • Experience with scripting languages such as Python, Bash, and PowerShell for task automation and analysis.
  • Proficiency in Operating Systems (Windows and Linux).
  • Relevant security-related certification(s) such as CISSP, GCIA, GSEC, GCIH, GCED, GCFA, or GREM are a plus.
  • Validated domain expertise in incident response, intrusion analysis, incident handling, malware analysis, web security, or security engineering.
  • Strong working knowledge of common security appliances including EDR, SIEM, AV, scanners, proxies, WAF, Netflow, IDS, and forensics tools.
  • Ability to multi-task, adapt to changes quickly, and handle heavy ticket volumes.
  • Technical awareness to match resources to technical issues appropriately.

Nice-to-haves

  • Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and intrusion detection systems, and other security software packages.
  • Knowledge of confidentiality, integrity, and availability principles.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), DNS, and directory services.
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

Benefits

  • Paid time off
  • Tuition reimbursement
  • 401(k) with company matching
  • Medical, dental, and vision insurance
  • Life insurance
  • Employee stock purchase program (ESPP)
  • Student debt assistance
  • Development and career growth opportunities
  • Financial planning benefits
  • Wellness benefits including an employee assistance program (EAP)
  • Paid company holidays
  • Family care and bonding leave
© 2024 Teal Labs, Inc