Con Edison

Sr System Cyber Analyst

Con Edison, New York, New York, us, 10261


Overview

Con Edison is seeking a Senior Incident Response Analyst to build and expand our Incident Response capabilities. This position will work very closely with our Cybersecurity Operations Center (CSOC) and report directly to the Director, Cybersecurity Operations. The selected candidate will lead incident investigations, strengthen detection and response capabilities, expand our cloud security posture, and mentor SOC analysts. This role will focus on monitoring and analyzing alerts, performing advanced network and cloud investigations, guiding the SOC through the entire cyber kill chain, and driving continuous improvement across on-premises, cloud, and operational technology (OT) environments.

Base pay range $100,000.00/yr - $135,000.00/yr

Responsibilities

Execute and oversee incident response across all phases of the cyber kill chain.

Investigate incidents from detection to resolution by rapidly assessing threats, determining impact, coordinating responses, collaborating with relevant teams, and managing incident response through all stages of the cyber kill chain.

Develop and maintain incident response playbooks and procedures to align with industry best practices and emerging threats, leveraging threat intelligence for enhanced detection and response.

Design and implement cloud-focused incident response processes, expand SOC capabilities, integrate cloud-native tools, and collaborate with engineering teams to strengthen detection, investigation, and optimization of detection and response for AWS, Azure, and GCP environments.

Investigate network and cloud activity by analyzing logs, packet captures, endpoint telemetry, and applying frameworks like MITRE ATT&CK to identify attacker entry points, lateral movement, and indicators of compromise.

Lead post-incident reviews by documenting actions, performing root-cause analysis, identifying vulnerabilities, and continuously enhancing SOC detection and response processes.

Collaborate with SOC analysts and other teams to enhance investigative and triage skills, deliver ongoing training, and embed security best practices throughout the organization.

Qualifications

Required Education/Experience

Master's Degree and (2) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or related experience; or

Bachelor's Degree and (3) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or related experience; or

Associate's Degree and (4) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or related experience.

Relevant Work Experience

Demonstrated experience in security monitoring, threat detection, and effective management of real-world cyber incidents in collaboration with stakeholders.

Proficient in utilizing both commercial and open-source cybersecurity tools, required.

Hands-on experience in coordinating containment, eradication, and recovery operations for a variety of threats (malware, phishing, ransomware, cloud-based, edge attacks).

Experience working with cybersecurity teams and other business units to ensure seamless incident response and communication.

Ability to provide timely updates to leadership during security incidents and document comprehensive incident reports.

Certifications such as GCIA, GCIH, GCFA, GNFA, CISSP, OSCP, or cloud-specific certifications (AWS Security Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer) preferred.

Experience automating SOC workflows using Python, PowerShell, or similar scripting languages preferred.

Familiarity with hybrid cloud/on-premise security integration preferred.

Skills and Abilities

Strong verbal communication and listening skills

Demonstrated written communication skills

Demonstrated analytical skills

Proficiency in Microsoft Office (Word, Excel, Outlook, PowerPoint)

Licenses and Certifications

Driver's License Required

Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar (preferred)

Additional Physical Demands

The selected candidate may be assigned a System Emergency Assignment and may be required to work non-business hours during emergencies, including nights, weekends, and holidays.

Must be able and willing to travel within Company service territory, as needed.
