Incident Response Analyst Team Lead

Job description

About Us

Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services.  Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers.  Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job” but rather look to develop valuable skills that ignite their passion and lead to a CAREER.  If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!

Position Overview

With a growing client base, Thrive is expanding its security team. We are looking for an experienced Incident Response Analyst Team Lead to join our Cyber Security Incident Response Team. This pivotal role involves leading incident response efforts, mentoring analysts, and continuously improving our customers’ security posture by preventing, detecting, analyzing, and responding to cybersecurity incidents using cutting-edge technology and robust processes.

The ideal candidate will bring a blend of leadership, deep technical expertise, and a passion for incident response and forensics. They will play a key role in handling high-priority incidents, refining incident response processes, and mentoring team members to ensure operational excellence.

Primary Responsibilities

• Provide mentorship, coaching, and guidance to SOC Analysts and Incident Response Analyst

• Foster collaboration across teams to enhance threat intelligence sharing and operational efficiency

• Act as a point of escalation for complex investigations and high-priority incidents

• Lead incident response and threat hunting efforts for confirmed high-priority security incidents, ensuring resolution and documentation

• Investigate intrusion attempts, differentiate false positives from actual threats, and perform in-depth analysis of exploits

• Proactively monitor and respond to emerging threats using advanced tools and methodologies

• Conduct forensic analysis, including memory and disk imaging, to identify evidence of compromise and attacker activity

• Collect, preserve, and analyze digital evidence to support investigations and potential legal actions

• Utilize forensic tools to uncover artifacts such as deleted files, malware remnants, and network traces

• Develop and maintain incident response playbooks, ensuring alignment with the overall security strategy

• Conduct regular reviews and updates of playbooks to address evolving threats and technologies

• Participate in tabletop exercises to validate and refine playbooks and incident response procedures

• Analyze SOC, SIEM, and EDR platform data to identify and escalate potential threats.

• Collaborate with cross-functional teams to implement security best practices for internal and external clients

• Ensure adherence to Thrive’s security standards while recommending future enhancements to tools and workflows

• Utilize threat intelligence to identify potential security risks and proactively mitigate them

• Stay current on emerging threats, vulnerabilities, and adversarial tactics, techniques, and procedures (TTPs)

Qualifications

Required Skills and Experience

• Demonstrated experience in incident handling, escalation management, or leading high-priority incident investigations

• Demonstrated expertise in best security practices and incident response methodologies.

• Advanced knowledge of:

• Security Information and Event Management (SIEM) tools

• Networking (TCP/IP, routing, and switching)

• IDS/IPS, penetration testing, and vulnerability assessments

• Windows, UNIX, and Linux operating systems

• Network protocols and packet analysis tools

• Endpoint Detection and Response (EDR), antivirus, and anti-malware tools

• Content filtering and email/web gateways

• Hands-on experience in forensics, malware analysis, and intrusion detection

• Familiarity with industry frameworks such as MITRE ATT&CK and the Cyber Kill Chain

• Proven ability to communicate complex security issues to clients, peers, and management

• Strong analytical, problem-solving, and decision-making skills

• Adaptability to rapidly evolving situations and technologies

• Ability to participate in an on-call rotation for high-priority incidents

Preferred Skills

• Knowledge of common system calls and APIs for Windows and Linux/Unix environments

• Experience with programming languages relevant to security analysis and automation

• Understanding of internal file structures commonly associated with malware

• Experience in detection engineering and creating high-fidelity detection rules

• Advanced cloud security knowledge and expertise in investigating cloud-based intrusions

Desired Certifications

• Computer Hacking Forensic Investigator (CHFI)

• GIAC Certified Forensic Analyst (GCFA)

• GIAC Certified Forensic Examiner (GCFE)

• Certified Incident Handler (GCIH)