Silicon Valley Bank
Incident Response Analyst II (Finance)
SVB is seeking an Incident Response Analyst to join the Cybersecurity Operations Team. The Cybersecurity Operations team is responsible for responding to computer-based attacks as well as other computer-related investigations. The Cybersecurity Analyst will leverage their knowledge of enterprise systems, cybersecurity attack methods and forensic techniques to respond to escalated incidents. The Cybersecurity Analyst will use a comprehensive set of cybersecurity and forensic tools to complete investigations of cyber-attacks, and will assist in the development of Cyber Threat Intelligence capabilities, including the collection, documentation and curation of threat indicators.
Incident Response:
Investigate escalated incidents using all available information from IT systems and security systems such as OS logs, application logs, firewall, IPS, sandboxing, host security, network devices, vulnerability management, compliance management, DLP and network forensics.
Follow standard incident response phases: prepare, identify, contain, eradicate, recover, lessons learned.
Escalate events to more experienced staff when needed.
Participate in on-call rotation.
Forensic Investigation:
Use enterprise and host forensic tools to respond to computer-based incidents.
Identify and document malware artifacts.
Document indicators of compromise for use in future detections.
Collect and preserve evidence following industry best practices and established procedures.
Cyber Threat Intelligence:
Collect and document threat indicators from internal and external sources.
Validate the quality of threat indicators including IoCs and IoAs.
Curate the collected indicators to ensure proper aging out of indicators.
Other:
Maintain knowledge of the latest threats.
Continually learn new technology and best practices for incident response.
Skills and Requirements
Required Skills/Experience:
Two or more years' experience in Incident Response or Computer Forensics. (Candidates with experience in System Administration, Network Administration and Cybersecurity Administration with one or more certifications will also be considered.)
Experience reviewing alerts and log data from a wide variety of sources.
Experience responding to incidents on Windows, OS X and Linux-based systems.
Understanding of how systems get infected and common malware behavior.
Ability to clearly document investigative findings.
Desired Skills/Experience:
Knowledge of legal and regulatory requirements for financial services.
Experience investigating account takeover and other attacks against web-based services.