
Sr Info Security Analyst

Syneos Health

Republic of Serbia-Europe - SRB-Home-Based

Description

Syneos Health is seeking a highly technical and experienced Senior Incident Responder to join our Cyber Defense, Monitoring, and Threat Intelligence team. The successful candidate will bring novel approaches to protect against emerging cybersecurity threats. They will draw from their deep experience to quickly and effectively respond to detected cybersecurity threats, while also translating their technical findings and actions for audiences of all levels. As a member of the Information Risk and Security team, they will identify and drive initiatives that have a broad impact benefiting all of Syneos Health and its customers.

Incident Response Responsibilities:

  • Serve as a Level 3 point of escalation for potential security events and investigations.
  • Assist in leading incident response operations, coordinating and executing containment, mitigation, and remediation activities.
  • Conduct root cause analysis exercises to identify the source of incidents by reviewing event logs, network traffic, behavior analytics, and other data sources.
  • Examine log sources (e.g. firewall, endpoint detection & response, web filtering, email security) to identify evidence of malicious activities and indicators of compromise.
  • Use tools to extract data from central log repository during security investigations for analysis, digital forensics, and evidence preservation.
  • Maintain detailed investigation documentation and assist in preparing post-incident reports that convey root cause, impact, mitigation, and remediation.
  • Assist in coordinating after-action reviews and driving cyber defense enhancements identified during incident response activities.
  • Collaborate with team members to regularly review and enhance Incident Response playbooks and documentation.
  • Regularly partner with Managed Security Service Providers (MSSPs) and other security vendors to drive effectiveness of the relationships.
  • Coach and mentor junior members of the Cyber Defense team.

Threat Detection & Response Analysis Responsibilities:

  • Collaborate with team members to identify opportunities to improve effectiveness and efficiency of Incident Response operations through automation and technology orchestration.
  • Utilize threat intelligence and common threat detection frameworks (e.g. MITRE ATT&CK) to enrich investigation activities and identify opportunities to further tune or customize detection and response platforms.
  • Develop advanced detection queries for regular threat hunting exercises related to current or emerging threats.
  • Participate in internal exercises such as technical tabletops and red teaming activities.
  • Stay up to date on current industry trends and emerging threats, coordinating proactive, detective or preventive actions when applicable.
  • Cross-collaborate with security architecture and engineering teams to define and drive security posture and process improvements.

Qualifications

  • Bachelor’s degree in a related field; one or more of the following certifications: GCIH, GCFA, GSOC, CISM, CISSP, Net+, Security+.
  • 5+ years of experience in Information Technology, Cybersecurity, or related fields.
  • 3+ years of experience in Cybersecurity Operations (e.g. threat detection and analysis, cyber incident response, incident handling, blue/red teaming).
  • Experience with large scale, complex incidents of all types, including APTs, web application attacks, insider threats, malware, and data exfiltration.
  • Proven knowledge of incident handling best practices, cybersecurity exploits, adversary behaviors, and responding to active cyber threats.
  • Familiarity with focus areas such as digital forensics, reverse engineering, threat hunting, and threat intelligence.
  • Advanced experience using security detection/protection platforms, including, for example, Secure Email Protection, Endpoint Detection/Response (EDR), and Web Application Firewall (WAF).
  • Advanced experience with log analysis, network traffic analysis, threat hunting, evidence preservation, and digital forensics.
  • Experience operating in large, multi-cloud environments (e.g. AWS, Microsoft Azure, Oracle Cloud) and knowledge of cloud cyber threats.
  • Proven knowledge in cloud technologies, operating systems, and network protocols.
  • Advanced knowledge of scripting and query languages, such as bash, Python, PowerShell, KQL, Lambda.
  • Ability to work well under pressure while maintaining focus and professionalism.
  • Ability to communicate complex, technical issues to diverse audiences, verbally and written, in a clear, understandable, and actionable manner.
  • Ability to meet on-call responsibilities periodically and collaborate with global team members to support 24/7 operations.
  • Life sciences experience is a plus.


Job posted: 2024-05-21
