UL Solutions

Senior Global Cybersecurity Incident Response Analyst

Posted 7 Hours Ago
Hybrid
Northbrook, IL
Mid level
The Senior Global Cybersecurity Incident Response Analyst will investigate and triage cybersecurity incidents, perform digital forensics, and create IR playbooks while collaborating with various stakeholders and generating performance metrics reports.
The summary above was generated by AI

JOB DESCRIPTION
The Senior Global Cybersecurity Incident Response Analyst will support UL Solutions with investigating cybersecurity incidents. They will perform digital forensics for any incidents, create IR playbooks, and assist with monthly reporting for cybersecurity performance metrics.
RESPONSIBILITIES

  • Investigate and triage cybersecurity incidents as assigned in the ServiceNow platform according to the documented Cybersecurity Incident Response process.
  • Communicate with UL associates across the organization to gather information and evidence required to investigate cybersecurity incidents.
  • Document cybersecurity incident details and incident timeline in accordance with documented Cybersecurity Incident Response Team standards.
  • Collaborate with Cybersecurity Incident stakeholders to identify opportunities for process improvement and/or implementation of controls to prevent the recurrence of incidents.
  • Identify and communicate cybersecurity risks during the incident response process to the Cyber Risk Team and the Business.
  • Perform Digital Forensics Incident Response triage on Windows, Linux, and macOS hosts as required to investigate incidents using EDR and forensic tooling.
  • Create IR playbooks and technical documentation as needed to drive process improvement and knowledge management.
  • Assist the Cybersecurity Team with the capture of cybersecurity incident performance metrics using data analytics with ServiceNow and PowerBI.
  • Assist team with monthly status reporting of deliverables, milestones, and notable achievements for greater Cybersecurity Team all-hands meetings.
  • Assist Compliance and Audit teams with information requests to support regulatory and compliance audits.


Technical Skills Required:
The preferred candidate will have:

  • Possess 3-5 years of experience working as a SOC analyst or Incident Responder, with a strong technical background to respond to compromised accounts, malware, data exfiltration, and data exposure incidents.
  • Have experience with Digital Forensics Incident Response tools such as EnCase, Magnet Axiom, Autopsy, KAPE Tools, and Zimmerman Tools.
  • Have experience working in a large enterprise company across various geographic regions and timezones.
  • Strong written and verbal skills, and ability to present technical topics to a non-technical audience.
  • Have experience creating IR playbooks and technical documentation as needed to drive process improvement and knowledge management.
  • Ability to create and lead the delivery of cybersecurity table-top exercises to stakeholders. Knowledge of Backdoors & Breaches a plus.
  • Must be able to work independently or with minimal supervision, with ability to be a technical lead and mentor to junior analysts.
  • Must have experience with project management, with ability to manage multiple tasks required for incident resolution and project work.
  • Must have experience using an EDR tool (CrowdStrike, Carbon Black, Microsoft Defender).
  • Must have experience using a Security Information and Event Management (SIEM) solution (Splunk, Sumo Logic, Sentinel, ELK).
  • Must have experience using the ServiceNow CRM platform.
  • Must be proficient with the Windows PowerShell scripting language; Python experience is a plus.
  • Must have experience with Active Directory security and administrative fundamentals.
  • Must have experience with Microsoft Entra ID and M365 security and administrative fundamentals.


Preferred Certifications:
The preferred candidate will have a CompTIA Security+ or CompTIA Network+ certification.
A SANS certificate is preferred (GCIH, GCFA, GSEC, GCIA, GPEN).
Specialized Skills Required:

  • Working cybersecurity incidents and supporting the team with tasking on incidents of larger scope
  • Proficiency with Digital Forensics Incident Response tools and techniques
  • Creating and documenting IR playbooks to support the IR program
  • Assisting with monthly reporting for team meetings and performance metrics


QUALIFICATIONS
Educational Requirements:
Bachelor's degree in computer science, electrical engineering, or communication arts preferred, or commensurate experience
(military service working with cyber, or demonstrated experience working in the cybersecurity field within job description requirements).

  • Total Rewards: We understand compensation is an important factor as you consider the next step in your career. The estimated salary range for this position is $120,000 to $140,000 and is based on multiple factors, including job-related knowledge/skills, experience, geographical location, as well as other factors. This position is eligible for annual bonus compensation with a target payout of 10% of the base salary. This position also provides health benefits such as medical, dental and vision; wellness benefits such as mental and financial health; and retirement savings (401K) commensurate with the standard rewards offered in each individual location or country. We also provide full-time employees with paid time off including vacation (15 days), holiday including floating holidays (12 days) and sick time off (72 hours).



Top Skills

PowerShell
Python
