Threat Response Analyst
About the Role
The CrowdStrike OverWatch Elite team is seeking a motivated individual with strong technical skills and customer centric personality to act as a trusted advisor to OverWatch Elite’s managed threat hunting customers.
OverWatch Elite Threat Response Analysts act as a bolt-on to the Falcon OverWatch managed threat hunting service by collaborating with clients, exchanging threat intelligence with clients, providing threat briefings to a diverse audience, drafting communication around threat detections, performing hypothesis driven hunts, leading customer war rooms, and acting as liaison between customers and threat hunting teams.
The OverWatch Elite team delivers ‘White Glove’ service to augment OverWatch threat hunting and provides a personal consultative threat response experience to customers that expect a top-tier, proactive, professional service.
What You’ll Do
- Generate high-quality customer deliverables to meet the criteria and expectations of the service such as:
- Hunting for threats, anomalies and cyber-related disruptions on customer endpoints
- Performing threat analysis, deep-dives and incident assessments
- Researching and assessing customer’s threats and IOCs
- Conducting ongoing customer environment assessments
- Holding quarterly customer security report presentations
- Conducting research and presenting threat briefings to a large audience
- Provide subject matter expertise and insight to clients about industry attack trends and defenses by developing and maintaining deep awareness and understanding of evolving threats, adversaries and intrusion trends
- Development and delivery of impactful threat briefings, reporting and presentations to customers by providing actionable intelligence
- Collaborate interdepartmental teams to help detect new, interesting or unique threats and mitigations based on hunting observations
- Build strong advisory relationships with customers and continuously exceeding client expectations
- Guide clients through Threat Response findings and providing subject matter expertise for response activities such as taking remediation actions in situations that require action to be taken
- Gather client input and feedback across customer base to influence service roadmaps
What You’ll Need
- Trustworthy, self-starter, good communicator, collaborative, dependable, and driven personality
- Bachelor’s degree in information security or related discipline or the equivalent of six (6) years or more in the industry as job experience
- Two (2) or more years of significant client-facing relationship management experience
- Prior cyber experience in four (4) or more of the following:
- Threat response
- Intrusion analysis
- Managed or enterprise information security services
- Endpoint incident response (Windows, MAC, and/or Linux)
- Malware analysis
- Penetration testing
- Threat hunting
- Information security consulting
- Intelligence
- Bonus points for experience with big-data processing tools such as Splunk, Humio, Logstash, Kibana, etc.
- Strong written and verbal communication skills
- Proven ability to convey extremely technical concepts to audiences with varying technical prowess
- Strong understanding of MITRE ATT&CK techniques / sub-techniques and ability to articulate TTPs to customers
- Proven ability and confidence to tailor communication to a wide range of stakeholders from Security Analysts to CIOs